c - 使用 openssl 进行数据加密/解密

Question

我想使用 openssl 使用 AES 128 加密/解密数据。

void main(void)
{
    unsigned char key[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,  0x0b, 0x0c, 0x0d, 0x0e, 0x0f};
    AES_KEY enc_key, dec_Key;
    unsigned char text = "Data encryption/ecryption with openssl";
    unsigned char encrtext[64], decrptext[64];

    AES_set_encrypt_key(key, 128, &enc_Key);
    AES_encrypt(text, encrtext, &enc_Key); 

    AES_set_decrypt_key(key,128,&dec_key);
    AES_decrypt(encrtext, decrptext, &dec_Key);

    printf("Data = %s",decrptext);
}

这个程序的执行给出了

Data = Data encryption/

我看到只有16个字符被加密和解密。

Answer 1

OpenSSL 支持单次加密，前提是您设置了一个有效的 key ，提供了一个适当的 IV，并调用了适当的函数(其中一个可能看起来很奇怪，调用加密函数来解密，但实际上它是一个对称算法所以不要对此感到震惊):

示例如下。请注意，加密 block 在最后一个 block 被加密之前被正确填充，并且填充在解密过程中被丢弃(这是你想要的):

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <limits.h
#include <openssl/aes.h>
#include <openssl/rand.h>

/* a simple hex-print routine. could be modified to print 16 bytes-per-line */
static void hex_print(const void* pv, size_t len)
{
    const unsigned char * p = (const unsigned char*)pv;
    if (NULL == pv)
        printf("NULL");
    else
    {
        size_t i = 0;
        for (; i<len;++i)
            printf("%02X ", *p++);
    }
    printf("\n");
}

/* main entrypoint */
int main(int argc, char **argv)
{
    int keylength;
    printf("Give a key length [only 128 or 192 or 256!]: ");
    scanf("%d", &keylength);

    /* generate a key with a given length */
    unsigned char aes_key[keylength/8];
    if (!RAND_bytes(aes_key, keylength/8))
        exit(-1);

    size_t inputslength = 0;
    printf("Give an input's length:\n");
    scanf("%lu", &inputslength);

    /* generate input with a given length */
    unsigned char aes_input[inputslength];
    memset(aes_input, 'X', inputslength);

    /* init vector */
    unsigned char iv_enc[AES_BLOCK_SIZE], iv_dec[AES_BLOCK_SIZE];
    RAND_bytes(iv_enc, AES_BLOCK_SIZE);
    memcpy(iv_dec, iv_enc, AES_BLOCK_SIZE);

    /* buffers for encryption and decryption */
    const size_t encslength = ((inputslength + AES_BLOCK_SIZE) / AES_BLOCK_SIZE) * AES_BLOCK_SIZE;
    unsigned char enc_out[encslength];
    unsigned char dec_out[inputslength];
    memset(enc_out, 0, sizeof(enc_out));
    memset(dec_out, 0, sizeof(dec_out));

    /* initialize encryption key, encrypt */
    AES_KEY enc_key, dec_key;
    AES_set_encrypt_key(aes_key, keylength, &enc_key);
    AES_cbc_encrypt(aes_input, enc_out, inputslength, &enc_key, iv_enc, AES_ENCRYPT);

    /* same key and if for decrypt */
    AES_set_decrypt_key(aes_key, keylength, &dec_key);
    AES_cbc_encrypt(enc_out, dec_out, encslength, &dec_key, iv_dec, AES_DECRYPT);

    printf("original:\n");
    hex_print(aes_input, sizeof(aes_input));

    printf("encrypt:\n");
    hex_print(enc_out, sizeof(enc_out));

    printf("decrypt:\n");
    hex_print(dec_out, sizeof(dec_out));

    return 0;
}

输出(显然你的会有所不同)

Give a key length [only 128 or 192 or 256!]: 192
Give an input's length:
27
original:
58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 
encrypt:
5F F1 57 AA 3C BC C3 10 49 34 E7 E8 CB 6D 4D B0 AE BB 14 04 C0 26 D6 B7 A4 69 0B 3F 92 84 97 A0 
decrypt:
58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 
Program ended with exit code: 0