openssl evp-蒲公英云

openssl evp 对称加密(AES_ecb,ccb)

evp.h 封装了openssl常用密码学工具，以下主要说对称加密的接口

如下使用 aes_256_ecb 模式的加密解密测试代码

复制代码

unsigned char key[32] = {
   1};
    unsigned char iv[16] = {
   0};
    unsigned char *inStr = "this is test string";
    int inLen = strlen(inStr);
    int encLen = 0;
    int outlen = 0;
    unsigned char encData[1024];
    printf("source: %s\n",inStr);
    //加密
    EVP_CIPHER_CTX *ctx;
    ctx = EVP_CIPHER_CTX_new();
    EVP_CipherInit_ex(ctx, EVP_aes_256_ecb(), NULL, key, iv, 1);
    EVP_CipherUpdate(ctx, encData, &outlen, inStr, inLen);
    encLen = outlen;
    EVP_CipherFinal(ctx, encData+outlen, &outlen);
    encLen += outlen;
    EVP_CIPHER_CTX_free(ctx);
    //解密
    int decLen = 0;
    outlen = 0;
    unsigned char decData[1024];
    EVP_CIPHER_CTX *ctx2;
    ctx2 = EVP_CIPHER_CTX_new();
    EVP_CipherInit_ex(ctx2, EVP_aes_256_ecb(), NULL, key, iv, 0);
    EVP_CipherUpdate(ctx2, decData, &outlen, encData, encLen);
    decLen = outlen;
    EVP_CipherFinal(ctx2, decData+outlen, &outlen);
    decLen += outlen;
    EVP_CIPHER_CTX_free(ctx2);
    decData[decLen] = '\0';
    printf("decrypt: %s\n",decData);

复制代码

如上这种init,update,final的调用方式和之前提供的哈希接口调用方式差不多

大致流程

EVP_CipherInit_ex 初始化加密使用的key,iv，算法模式，最后一个参数，1表示加密，0表示解密

EVP_CipherUpdate 加密解密处理

EVP_CipherFinal 获取结果

由上测试代码中 EVP_CipherInit_ex(ctx, EVP_aes_256_ecb(), NULL, key, iv, 1); 使用的算法模式为 EVP_aes_256_ecb()

根据接口 evp.h可知其他的对称加密算法有如下

复制代码

const EVP_CIPHER *EVP_des_ecb(void);
const EVP_CIPHER *EVP_des_ede(void);
const EVP_CIPHER *EVP_des_ede3(void);
...
const EVP_CIPHER *EVP_idea_ecb(void);
const EVP_CIPHER *EVP_idea_cfb64(void);
const EVP_CIPHER *EVP_idea_ofb(void);
.....
const EVP_CIPHER *EVP_bf_cbc(void);
const EVP_CIPHER *EVP_bf_cfb64(void);
.....
const EVP_CIPHER *EVP_cast5_ecb(void);
const EVP_CIPHER *EVP_cast5_cbc(void);
.....
const EVP_CIPHER *EVP_aes_128_ecb(void);
const EVP_CIPHER *EVP_aes_128_cbc(void);
const EVP_CIPHER *EVP_aes_128_cfb1(void);
......
const EVP_CIPHER *EVP_aes_256_ecb(void);
const EVP_CIPHER *EVP_aes_256_cbc(void);
const EVP_CIPHER *EVP_aes_256_cfb1(void);
....
const EVP_CIPHER *EVP_camellia_128_cfb1(void);
const EVP_CIPHER *EVP_camellia_128_cfb8(void);
const EVP_CIPHER *EVP_camellia_128_cfb128(void);
......
//以上省略表示还有很多，这里只是列出部分

复制代码

选取相应的算法对应修改上面的测试代码即可，实现对称加密体系中其他算法的加密解密

EVP中对称加密的主要接口有

复制代码

__owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                           const unsigned char *key, const unsigned char *iv);
/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
                                  const EVP_CIPHER *cipher, ENGINE *impl,
                                  const unsigned char *key,
                                  const unsigned char *iv);
/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 int *outl, const unsigned char *in, int inl);
/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                   int *outl);
/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                int *outl);
__owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                           const unsigned char *key, const unsigned char *iv);
/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
                                  const EVP_CIPHER *cipher, ENGINE *impl,
                                  const unsigned char *key,
                                  const unsigned char *iv);
/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 int *outl, const unsigned char *in, int inl);
__owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                            int *outl);
/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                                   int *outl);
__owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                          const unsigned char *key, const unsigned char *iv,
                          int enc);
/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
                                 const EVP_CIPHER *cipher, ENGINE *impl,
                                 const unsigned char *key,
                                 const unsigned char *iv, int enc);
__owur int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                            int *outl, const unsigned char *in, int inl);
__owur int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                           int *outl);
__owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
                              int *outl);

复制代码

上面的例子之中，我使用的是EVP_Cipher相关api处理的对称加密

如下，我们还可以直接使用上面的 EVP_Encrypt,EVP_Decrypt 接口来处理加密解密

封装加密解密

复制代码

//加密
int kk_encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key,
               unsigned char *iv, unsigned char *ciphertext)
{
    EVP_CIPHER_CTX *ctx;
    int len;
    int ciphertext_len;
    ctx = EVP_CIPHER_CTX_new();
    EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
    EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len);
    ciphertext_len = len;
    EVP_EncryptFinal_ex(ctx, ciphertext + len, &len);
    ciphertext_len += len;
    EVP_CIPHER_CTX_free(ctx);
    return ciphertext_len;
}
//解密
int kk_decrypt(unsigned char *ciphertext, int ciphertext_len, unsigned char *key,
               unsigned char *iv, unsigned char *plaintext)
{
    EVP_CIPHER_CTX *ctx;
    int len;
    int plaintext_len;
    ctx = EVP_CIPHER_CTX_new();
    EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
    EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len);
    plaintext_len = len;
    EVP_DecryptFinal_ex(ctx, plaintext + len, &len);
    plaintext_len += len;
    EVP_CIPHER_CTX_free(ctx);
    return plaintext_len;
}

复制代码

调用测试：

复制代码

unsigned char key[32] = {
   8};
    unsigned char iv[16] = {
   6};
    unsigned char *plaintext = (unsigned char *)"This is Test Plain Data,This is Test Plain Data.";
    unsigned char ciphertext[128];
    unsigned char decryptedtext[128];
    int decryptedtext_len, ciphertext_len;
    printf("source is: \n%s\n",plaintext);
    //加密
    ciphertext_len = kk_encrypt (plaintext, strlen ((char *)plaintext), key, iv,
                              ciphertext);
    //解密
    decryptedtext_len = kk_decrypt(ciphertext, ciphertext_len, key, iv,
                                decryptedtext);
    decryptedtext[decryptedtext_len] = '\0';
    printf("Decrypted text is:\n");
    printf("%s\n", decryptedtext);

复制代码

和上面第一个例子的流程差不多，修改其中的对称体系使用的算法即可实现其他算法处理

如果不使用EVP提供的接口，当然还可以直接使用 aes.h 提供的接口

主要接口有

复制代码

/* This should be a hidden type, but EVP requires that the size be known */
struct aes_key_st {
# ifdef AES_LONG
    unsigned long rd_key[4 * (AES_MAXNR + 1)];
# else
    unsigned int rd_key[4 * (AES_MAXNR + 1)];
# endif
    int rounds;
};
typedef struct aes_key_st AES_KEY;
const char *AES_options(void);
int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
                        AES_KEY *key);
int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
                        AES_KEY *key);
void AES_encrypt(const unsigned char *in, unsigned char *out,
                 const AES_KEY *key);
void AES_decrypt(const unsigned char *in, unsigned char *out,
                 const AES_KEY *key);
void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
                     const AES_KEY *key, const int enc);
void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
                     size_t length, const AES_KEY *key,
                     unsigned char *ivec, const int enc);
void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
                        size_t length, const AES_KEY *key,
                        unsigned char *ivec, int *num, const int enc);
void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
                      size_t length, const AES_KEY *key,
                      unsigned char *ivec, int *num, const int enc);
void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
                      size_t length, const AES_KEY *key,
                      unsigned char *ivec, int *num, const int enc);
void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
                        size_t length, const AES_KEY *key,
                        unsigned char *ivec, int *num);
/* NB: the IV is _two_ blocks long */
void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
                     size_t length, const AES_KEY *key,
                     unsigned char *ivec, const int enc);
/* NB: the IV is _four_ blocks long */
void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
                        size_t length, const AES_KEY *key,
                        const AES_KEY *key2, const unsigned char *ivec,
                        const int enc);
int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
                 unsigned char *out,
                 const unsigned char *in, unsigned int inlen);
int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
                   unsigned char *out,
                   const unsigned char *in, unsigned int inlen);

复制代码

测试接口AES_encrypt,AES_decrypt

复制代码

//测试1
void kk_aes_encrypt(char *inData,char *key,char *outData)
{
    AES_KEY encKey;
    AES_set_encrypt_key(key, 128, &encKey);
    int inLen = strlen(inData);
    int encLen = 0;
    //分组加密
    while (encLen <inLen) {
        AES_encrypt(inData, outData, &encKey);
        inData += AES_BLOCK_SIZE;
        outData+=AES_BLOCK_SIZE;
        encLen +=AES_BLOCK_SIZE;
    }
}
void kk_aes_decrypt(char *inData,char *key,char *outData)
{
    AES_KEY decKey;
    AES_set_decrypt_key(key, 128, &decKey);
    int inLen = strlen(inData);
    int decLen = 0;
    //分组处理
    while (decLen < inLen) {
        AES_decrypt(inData, outData, &decKey);
        inData += AES_BLOCK_SIZE;
        outData+=AES_BLOCK_SIZE;
        decLen +=AES_BLOCK_SIZE;
    }
}
//测试
void testSIMPLEAES()
{
    char *key = "this key";
    char *ins = "test str dat,test str dat,test str dat,test str dat,QQQS";
    printf("src:%s\n",ins);
    char *encDT = malloc(strlen(ins));
    kk_aes_encrypt(ins, key, encDT);
    char *decDT = malloc(strlen(encDT));
    kk_aes_decrypt(encDT, key, decDT);
    printf("dec:%s\n",decDT);
}

复制代码

测试AES_cbc_encrypt接口

复制代码

AES_KEY encKEy;
    unsigned char *uk = "uk123";
    char encIV[AES_BLOCK_SIZE] = {
   0};
    AES_set_encrypt_key(uk, 128, &encKEy);
    char *inStr = "This wiki is intended as a place for collecting, organizing, and refining useful information about OpenSSL that is currently strewn among multiple locations and formats.";
    char *encData = malloc(1024);
    AES_cbc_encrypt(inStr, encData, strlen(inStr), &encKEy, encIV, AES_ENCRYPT);
    printf("src:%s\n",inStr);
    AES_KEY decKey;
    AES_set_decrypt_key(uk, 128, &decKey);
    char decIV[AES_BLOCK_SIZE] = {
   0};
    char *decData = malloc(1024);
    AES_cbc_encrypt(encData,decData, strlen(encData), &decKey, decIV, AES_DECRYPT);
    decData[strlen(inStr)] = '\0';
    printf("dec:%s\n",decData);
    if (strcmp(inStr, decData)==0) {
        printf("PASS\n");
    }