C AES加密与密码的base64编码_C_Encryption_Openssl_Aes

C AES加密与密码的base64编码

c encryption openssl

C AES加密与密码的base64编码,c,encryption,openssl,aes,C,Encryption,Openssl,Aes,我正在尝试使用下面发布的代码来加密，使用的是openssl EVP_aes_256_cbc（），我已经测试了下面的代码，它工作正常。我期待的是得到密码，然后执行base64编码并返回相同的密码我知道以下命令： openssl enc -aes-256-cbc -a -in /u/zsyed10/T.dat -out /u/zsyed10/T_ENC.dat 但不确定是否有任何EVP函数返回base64encoded cipher #include <string.h> #incl

我正在尝试使用下面发布的代码来加密，使用的是

openssl EVP_aes_256_cbc（）

，我已经测试了下面的代码，它工作正常。我期待的是得到密码，然后执行

base64

编码并返回相同的密码

我知道以下命令：

openssl enc -aes-256-cbc -a -in /u/zsyed10/T.dat -out /u/zsyed10/T_ENC.dat

但不确定是否有任何EVP函数返回

base64

encoded cipher

#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <openssl/evp.h>
#include <openssl/aes.h>



/**
 * Create an 256 bit key and IV using the supplied key_data. salt can be added for taste.
 * Fills in the encryption and decryption ctx objects and returns 0 on success
 **/
int aes_init(unsigned char *key_data, int key_data_len, unsigned char *salt, EVP_CIPHER_CTX *e_ctx, 
             EVP_CIPHER_CTX *d_ctx)
{
  int i, nrounds = 5;
  unsigned char key[32], iv[32];

  /*
   * Gen key & IV for AES 256 CBC mode. A SHA1 digest is used to hash the supplied key material.
   * nrounds is the number of times the we hash the material. More rounds are more secure but
   * slower.
   */
  i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha1(), salt, key_data, key_data_len, nrounds, key, iv);
  if (i != 32) {
    printf("Key size is %d bits - should be 256 bits\n", i);
    return -1;
  }

  EVP_CIPHER_CTX_init(e_ctx);
  EVP_EncryptInit_ex(e_ctx, EVP_aes_256_cbc(), NULL, key, iv);
  EVP_CIPHER_CTX_init(d_ctx);
  EVP_DecryptInit_ex(d_ctx, EVP_aes_256_cbc(), NULL, key, iv);

  return 0;
}

/*
 * Encrypt *len bytes of data
 * All data going in & out is considered binary (unsigned char[])
 */
unsigned char *aes_encrypt(EVP_CIPHER_CTX *e, unsigned char *plaintext, int *len)
{
  /* max ciphertext len for a n bytes of plaintext is n + AES_BLOCK_SIZE -1 bytes */
  int c_len = *len + AES_BLOCK_SIZE, f_len = 0;
  unsigned char *ciphertext = malloc(c_len);

  /* allows reusing of 'e' for multiple encryption cycles */
  EVP_EncryptInit_ex(e, NULL, NULL, NULL, NULL);

  /* update ciphertext, c_len is filled with the length of ciphertext generated,
    *len is the size of plaintext in bytes */
  EVP_EncryptUpdate(e, ciphertext, &c_len, plaintext, *len);

  /* update ciphertext with the final remaining bytes */
  EVP_EncryptFinal_ex(e, ciphertext+c_len, &f_len);

  *len = c_len + f_len;
  return ciphertext;
}

/*
 * Decrypt *len bytes of ciphertext
 */
unsigned char *aes_decrypt(EVP_CIPHER_CTX *e, unsigned char *ciphertext, int *len)
{
  /* because we have padding ON, we must allocate an extra cipher block size of memory */
  int p_len = *len, f_len = 0;
  unsigned char *plaintext = malloc(p_len + AES_BLOCK_SIZE);

  EVP_DecryptInit_ex(e, NULL, NULL, NULL, NULL);
  EVP_DecryptUpdate(e, plaintext, &p_len, ciphertext, *len);
  EVP_DecryptFinal_ex(e, plaintext+p_len, &f_len);

  *len = p_len + f_len;
  return plaintext;
}

int main(int argc, char **argv)
{
  /* "opaque" encryption, decryption ctx structures that libcrypto uses to record
     status of enc/dec operations */
  EVP_CIPHER_CTX en, de;

  /* 8 bytes to salt the key_data during key generation. This is an example of
     compiled in salt. We just read the bit pattern created by these two 4 byte 
     integers on the stack as 64 bits of contigous salt material - 
     ofcourse this only works if sizeof(int) >= 4 */
  unsigned int salt[] = {12345, 54321};
  unsigned char *key_data;
  int key_data_len, i;
  char *input[] = {"a", "abcd", "this is a test", "this is a bigger test", 
                   "\nWho are you ?\nI am the 'Doctor'.\n'Doctor' who ?\nPrecisely!",
                   NULL};

  /* the key_data is read from the argument list */
  key_data = (unsigned char *)argv[1];
  key_data_len = strlen(argv[1]);

  /* gen key and iv. init the cipher ctx object */
  if (aes_init(key_data, key_data_len, (unsigned char *)&salt, &en, &de)) {
    printf("Couldn't initialize AES cipher\n");
    return -1;
  }

  /* encrypt and decrypt each input string and compare with the original */
  for (i = 0; input[i]; i++) {
    char *plaintext;
    unsigned char *ciphertext;
    int olen, len;

    /* The enc/dec functions deal with binary data and not C strings. strlen() will 
       return length of the string without counting the '\0' string marker. We always
       pass in the marker byte to the encrypt/decrypt functions so that after decryption 
       we end up with a legal C string */
    olen = len = strlen(input[i])+1;

    ciphertext = aes_encrypt(&en, (unsigned char *)input[i], &len);
    plaintext = (char *)aes_decrypt(&de, ciphertext, &len);

    if (strncmp(plaintext, input[i], olen)) 
      printf("FAIL: enc/dec failed for \"%s\"\n", input[i]);
    else 
      printf("OK: enc/dec ok for \"%s\"\n", plaintext);

    free(ciphertext);
    free(plaintext);
  }

  EVP_CIPHER_CTX_cleanup(&en);
  EVP_CIPHER_CTX_cleanup(&de);

  return 0;
}

正如在EVP_EncryptUpdate（）之前和之后出现的那样：

EVP_EncryptInit_ex(e_ctx, EVP_aes_256_cbc(), NULL, key, iv);

它不是用空值覆盖key和IV，从而使key和IV的用法过时

我知道它正在重置，以便可以再次使用上下文，但如果它出现在

EVP\u EncryptUpdate（）

之后，则更有意义。您需要添加

BIO

过滤器。请参阅上的文档。或者，您可以使用另一个库中的编码器。如果您使用OpenSSL的

BIO

，那么您会对

aes\u encrypt

和

aes\u decrypt

的数据反复调用

BIO\u read

或

BIO\u write

。Base64是应用于密码输出的东西。它实际上不是密码本身的一部分，即使它在命令行中看起来是这样的。因此，C代码将具有不同的加密和编码功能。另外一个用于使用

EVP.*

函数，而不是

AES_encrypt

和friends。事实上，您可能应该使用经过身份验证的加密，因为它同时提供机密性和真实性。请参见OpenSSL wiki上的。用于某些内部组件。以前使用MD5，1.1.0切换到SHA256。请注意，此更改不会影响

EVP\u BytesToKey

和

openssl enc

等命令。

EVP_EncryptInit_ex(e_ctx, EVP_aes_256_cbc(), NULL, key, iv);