AES (aes-cbc-128, aes-cbc-192, aes-cbc-256) encryption/decryption with openssl C

Disclaimer: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverflow, original URL: http://stackoverflow.com/questions/18152913/

Time: 2020-09-02 07:07:07  Source: igfitidea

c openssl aes

Asked by ivy

I just want to test AES from OpenSSL with these 3 modes: with 128, 192 and 256 key length, but my decrypted text is different from my input and I don't know why. Also, when I pass a huge input length (let's say 1024 bytes) my program shows core dumped... My input is always the same but it doesn't matter, at least for now. Here's the code:


#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/aes.h>
#include <openssl/rand.h>

int main(int argc, char **argv)
{
    int i;
    int keylength;
    printf("Give a key length [only 128 or 192 or 256!]:\n");
    scanf("%d", &keylength);

    /* generate a key with a given length */
    unsigned char aes_key[keylength];
    memset(aes_key, 0, sizeof(aes_key));
    if (!RAND_bytes(aes_key, keylength))
    {
        exit(-1);
    }
    aes_key[keylength-1] = '\0';

    int inputslength;
    printf("Give an input's length:\n");
    scanf("%d", &inputslength);

    /* generate input with a given length */
    unsigned char aes_input[inputslength+1];
    memset(aes_input, '0', sizeof(aes_input));
    aes_input[inputslength] = '\0';

    /*printf("original:\t");
    for(i=0; i<inputslength; i++)
    {
        printf("%c ", aes_input[i]);
    }
    printf("\n");*/

    /* init vector */
    unsigned char iv[AES_BLOCK_SIZE];
    if (!RAND_bytes(iv, AES_BLOCK_SIZE))
    {
        exit(-1);
    }

    //printf("AES_BLOCK_SIZE = %d\n", AES_BLOCK_SIZE); // aes block size is 16 bytes = 128 bits
    AES_KEY enc_key, dec_key;
    unsigned char enc_out[AES_BLOCK_SIZE];
    unsigned char dec_out[AES_BLOCK_SIZE];

    // so i can do with this aes-cbc-128 aes-cbc-192 aes-cbc-256
    AES_set_encrypt_key(aes_key, keylength, &enc_key);
    AES_cbc_encrypt(aes_input, enc_out, inputslength, &enc_key, iv, AES_ENCRYPT);

    AES_set_decrypt_key(aes_key, keylength, &dec_key);
    AES_decrypt(enc_out, dec_out, &dec_key);

    printf("original:\t");
    for(i=0;*(aes_input+i)!=0x00;i++)
        printf("%X ",*(aes_input+i));
    printf("\nencrypted:\t");
    for(i=0;*(enc_out+i)!=0x00;i++)
        printf("%X ",*(enc_out+i));
    printf("\ndecrypted:\t");
    for(i=0;*(dec_out+i)!=0x00;i++)
        printf("%X ",*(dec_out+i));
    printf("\n");

    /*printf("\n\noriginal:\t");
    for(i=0; i<inputslength; i++)
    {
        printf("%x ", dec_out[i]);
    }
    printf("\n");*/

    return 0;
}

EDIT:

When I changed the output sizes to inputslength instead of AES_BLOCK_SIZE I got these results:

Give a key length [only 128 or 192 or 256!]:
128
Give an input's length:
5
original:       30 30 30 30 30
encrypted:      94 56 50 7E 19 B2 1C CE 20 23 4A E7 10 AF DB E3 30 30 30 30 30
decrypted:      E1 5F F4 3D E8 8D 91 19 CD 3E 22 1E AF 1C 8F 5A 94 56 50 7E 19 B2 1C CE 20 23 4A E7 10 AF DB E3 30 30 30 30 30

So is it possible that there's an issue with the output sizes and the size of the iv? What sizes should they have (for AES-CBC-128, AES-CBC-192, AES-CBC-256)?

Answered by WhozCraig

Take a peek at this modified version of your code. Note the following:

  1. Added hex_print (minor)
  2. Added proper sizing of key buffer (medium).
  3. Added proper sizing of output encryption buffer (which must be a block-size multiple, and if original source buffer is an exact block-size multiple, you still need one full block of padding (see PKCS 5 padding for more info)).
  4. Same IV used for both encrypt and decrypt.
  5. Finally, odd as it may seem, AES_cbc_encrypt() is used for both encryption and decryption (see the last parameter in the call).

Source Code

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/aes.h>
#include <openssl/rand.h>

// a simple hex-print routine. could be modified to print 16 bytes-per-line
static void hex_print(const void* pv, size_t len)
{
    const unsigned char * p = (const unsigned char*)pv;
    if (NULL == pv)
        printf("NULL");
    else
    {
        size_t i = 0;
        for (; i<len;++i)
            printf("%02X ", *p++);
    }
    printf("\n");
}

// main entrypoint
int main(int argc, char **argv)
{
    int keylength;
    printf("Give a key length [only 128 or 192 or 256!]:\n");
    scanf("%d", &keylength);

    /* generate a key with a given length (keylength is in bits, the buffer is in bytes) */
    unsigned char aes_key[keylength/8];
    memset(aes_key, 0, keylength/8);
    if (!RAND_bytes(aes_key, keylength/8))
        exit(-1);

    size_t inputslength = 0;
    printf("Give an input's length:\n");
    scanf("%zu", &inputslength);    // %zu is the conversion for size_t

    /* generate input with a given length */
    unsigned char aes_input[inputslength];
    memset(aes_input, 'X', inputslength);

    /* init vector: AES_cbc_encrypt() updates the IV buffer it is given,
       so decryption gets its own copy of the original value */
    unsigned char iv_enc[AES_BLOCK_SIZE], iv_dec[AES_BLOCK_SIZE];
    if (!RAND_bytes(iv_enc, AES_BLOCK_SIZE))
        exit(-1);
    memcpy(iv_dec, iv_enc, AES_BLOCK_SIZE);

    // buffers for encryption and decryption
    // dec_out holds encslength bytes because the decrypt call below writes encslength bytes
    const size_t encslength = ((inputslength + AES_BLOCK_SIZE) / AES_BLOCK_SIZE) * AES_BLOCK_SIZE;
    unsigned char enc_out[encslength];
    unsigned char dec_out[encslength];
    memset(enc_out, 0, sizeof(enc_out));
    memset(dec_out, 0, sizeof(dec_out));

    // so i can do with this aes-cbc-128 aes-cbc-192 aes-cbc-256
    AES_KEY enc_key, dec_key;
    AES_set_encrypt_key(aes_key, keylength, &enc_key);
    AES_cbc_encrypt(aes_input, enc_out, inputslength, &enc_key, iv_enc, AES_ENCRYPT);

    AES_set_decrypt_key(aes_key, keylength, &dec_key);
    AES_cbc_encrypt(enc_out, dec_out, encslength, &dec_key, iv_dec, AES_DECRYPT);

    printf("original:\t");
    hex_print(aes_input, sizeof(aes_input));

    printf("encrypt:\t");
    hex_print(enc_out, sizeof(enc_out));

    // only the first inputslength bytes of dec_out are the original input
    printf("decrypt:\t");
    hex_print(dec_out, inputslength);

    return 0;
}

Test Output

Give a key length [only 128 or 192 or 256!]:
128
Give an input's length:
10
original:   58 58 58 58 58 58 58 58 58 58
encrypt:    A9 66 C5 24 A4 02 AB 96 08 65 F7 22 A5 FB BE 26
decrypt:    58 58 58 58 58 58 58 58 58 58

Second Test Output

Give a key length [only 128 or 192 or 256!]:
128
Give an input's length:
10
original:   58 58 58 58 58 58 58 58 58 58
encrypt:    C2 47 6D B1 A1 68 29 53 55 74 C5 CC 3F 27 0A 3F
decrypt:    58 58 58 58 58 58 58 58 58 58

I sincerely hope this helps.

Answered by ivy

@WhozCraig: thank you so much for help! It explained a lot to me! But there's just one more issue. I changed static arrays into dynamic ones. When I did it, some errors occurred. But they occur only when I give a huge input size, take a look at valgrind output: http://pastie.org/private/bzofrrtgrlzr0doyb3g. Error occurs only when I pass a huge input, when I pass a small size (like in your example, 10) it's ok. Everything else is working perfectly.

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/aes.h>
#include <openssl/rand.h>

// a simple hex-print routine. could be modified to print 16 bytes-per-line
static void hex_print(const void* pv, size_t len)
{
    const unsigned char * p = (const unsigned char*)pv;
    if (NULL == pv)
        printf("NULL");
    else
    {
        size_t i = 0;
        for (; i<len;++i)
            printf("%02X ", *p++);
    }
    printf("\n");
}

// main entrypoint
int main(int argc, char **argv)
{
    size_t inputslength = 0;
    printf("Give an input's length:\n");
    scanf("%lu", &inputslength);

    int keylength;
    printf("Give a key length [only 128 or 192 or 256!]:\n");
    scanf("%d", &keylength);


    //  generate a key with a given length
    unsigned char *aes_key = (unsigned char*)malloc(sizeof(unsigned char) * (keylength/8));
    memset(aes_key, 0, keylength/8);
    RAND_bytes(aes_key, keylength/8);

    //  generate input with a given length
    unsigned char *aes_input = (unsigned char*)malloc(sizeof(unsigned char) * (inputslength));
    memset(aes_input, 'X', sizeof(aes_input));

    // init vectors
    unsigned char *iv_enc = (unsigned char*)malloc(sizeof(unsigned char) * (AES_BLOCK_SIZE));
    unsigned char *iv_dec = (unsigned char*)malloc(sizeof(unsigned char) * (AES_BLOCK_SIZE));
    // iv_dec == iv_enc
    RAND_bytes(iv_enc, AES_BLOCK_SIZE);
    memcpy(iv_dec, iv_enc, AES_BLOCK_SIZE);

    // buffers for encryption and decryption
    const size_t length = (((inputslength + AES_BLOCK_SIZE) / AES_BLOCK_SIZE) * AES_BLOCK_SIZE);
    unsigned char *enc_out = (unsigned char*)malloc(sizeof(unsigned char) * (length));
    unsigned char *dec_out = (unsigned char*)malloc(sizeof(unsigned char) * (inputslength));

    // so i can do with this aes-cbc-128 aes-cbc-192 aes-cbc-256
    AES_KEY encKey, decKey;
    AES_set_encrypt_key(aes_key, keylength, &encKey);
    AES_cbc_encrypt(aes_input, enc_out, inputslength, &encKey, iv_enc, AES_ENCRYPT);

    AES_set_decrypt_key(aes_key, keylength, &decKey);
    AES_cbc_encrypt(enc_out, dec_out, length, &decKey, iv_dec, AES_DECRYPT);

    printf("original:\t");
    hex_print(aes_input, sizeof(aes_input));

    printf("encrypt:\t");
    hex_print(enc_out, sizeof(enc_out));

    printf("decrypt:\t");
    hex_print(dec_out, sizeof(dec_out));

    free(aes_key);
    aes_key = NULL;
    free(aes_input);
    aes_input = NULL;
    free(iv_enc);
    iv_enc = NULL;
    free(iv_dec);
    iv_dec = NULL;
    free(enc_out);
    enc_out = NULL;
    free(dec_out);
    dec_out = NULL;

    return 0;
}

EDIT:

Ok, something was wrong with the prev code I posted, here's a new one, working perfectly, even for huge inputs. Cheers once again for helping me! :)

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/aes.h>
#include <openssl/rand.h>

// a simple hex-print routine. could be modified to print 16 bytes-per-line
static void hex_print(const void* pv, size_t len)
{
    const unsigned char * p = (const unsigned char*)pv;
    if (NULL == pv)
        printf("NULL");
    else
    {
        size_t i = 0;
        for (; i<len;++i)
            printf("%02X ", *p++);
    }
    printf("\n");
}

// main entrypoint
int main(int argc, char **argv)
{
    int keylength;
    printf("Give a key length [only 128 or 192 or 256!]:\n");
    scanf("%d", &keylength);

    /* generate a key with a given length (keylength is in bits, the buffer is in bytes) */
    unsigned char *aes_key = (unsigned char*)malloc(sizeof(unsigned char) * (keylength/8));
    memset(aes_key, 0, keylength/8);
    if (!RAND_bytes(aes_key, keylength/8))
        exit(-1);

    size_t inputslength = 0;
    printf("Give an input's length:\n");
    scanf("%zu", &inputslength);    // %zu is the conversion for size_t

    /* generate input with a given length */
    unsigned char *aes_input = (unsigned char*)malloc(sizeof(unsigned char) *inputslength);
    memset(aes_input, 'X', inputslength);

    /* init vector */
    unsigned char *iv_enc = (unsigned char*)malloc(sizeof(unsigned char) *AES_BLOCK_SIZE), *iv_dec = (unsigned char*)malloc(sizeof(unsigned char) *AES_BLOCK_SIZE);
    RAND_bytes(iv_enc, AES_BLOCK_SIZE);
    memcpy(iv_dec, iv_enc, AES_BLOCK_SIZE);

    // buffers for encryption and decryption
    // dec_out holds encslength bytes because the decrypt call below writes encslength bytes
    const size_t encslength = ((inputslength + AES_BLOCK_SIZE) / AES_BLOCK_SIZE) * AES_BLOCK_SIZE;
    unsigned char *enc_out = (unsigned char*)malloc(sizeof(unsigned char) *encslength);
    unsigned char *dec_out = (unsigned char*)malloc(sizeof(unsigned char) *encslength);
    // sizeof on a pointer gives the pointer size, so pass the buffer lengths explicitly
    memset(enc_out, 0, encslength);
    memset(dec_out, 0, encslength);

    // so i can do with this aes-cbc-128 aes-cbc-192 aes-cbc-256
    AES_KEY enc_key, dec_key;
    AES_set_encrypt_key(aes_key, keylength, &enc_key);
    AES_cbc_encrypt(aes_input, enc_out, inputslength, &enc_key, iv_enc, AES_ENCRYPT);

    AES_set_decrypt_key(aes_key, keylength, &dec_key);
    AES_cbc_encrypt(enc_out, dec_out, encslength, &dec_key, iv_dec, AES_DECRYPT);

    printf("original:\t");
    hex_print(aes_input, inputslength);

    printf("encrypt:\t");
    hex_print(enc_out, encslength);

    printf("decrypt:\t");
    hex_print(dec_out, inputslength);

    // free memory here
    free(aes_key);
    free(aes_input);
    free(iv_enc);
    free(iv_dec);
    free(enc_out);
    free(dec_out);

    return 0;
}
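Point 3 of WhozCraig's answer, worked through as an added example that is not part of the original posts: PKCS#7 (PKCS 5) padding always appends 1 to 16 bytes, which is why the buffer is sized as ((inputslength + AES_BLOCK_SIZE) / AES_BLOCK_SIZE) * AES_BLOCK_SIZE and why the receiver can recover the plaintext length without being told it. BLOCK, pkcs7_padded_len, pkcs7_pad and pkcs7_unpad are hypothetical helper names, not OpenSSL functions; AES_cbc_encrypt() itself zero-fills a short final block rather than applying this padding.

```c
#include <stdio.h>
#include <string.h>

#define BLOCK 16 /* AES block size in bytes (the value of AES_BLOCK_SIZE) */

/* Padded size for n input bytes: the next multiple of BLOCK strictly above n,
 * so an input that is already a block multiple grows by one full block. */
size_t pkcs7_padded_len(size_t n)
{
    return (n / BLOCK + 1) * BLOCK;
}

/* Copy in[0..n) into out and append PKCS#7 padding (pad bytes, each == pad).
 * Returns the padded length, or 0 when out (capacity cap) is too small. */
size_t pkcs7_pad(const unsigned char *in, size_t n, unsigned char *out, size_t cap)
{
    size_t total = pkcs7_padded_len(n);
    if (total < n || cap < total)
        return 0;
    memcpy(out, in, n);
    memset(out + n, (int)(total - n), total - n);
    return total;
}

/* Check the padding of a decrypted buffer and return the plaintext length,
 * or (size_t)-1 when the padding is malformed. */
size_t pkcs7_unpad(const unsigned char *buf, size_t len)
{
    if (len == 0 || len % BLOCK != 0)
        return (size_t)-1;
    size_t pad = buf[len - 1];
    if (pad == 0 || pad > BLOCK)
        return (size_t)-1;
    for (size_t i = len - pad; i < len; ++i)
        if (buf[i] != pad)
            return (size_t)-1;
    return len - pad;
}

int main(void)
{
    unsigned char msg[16], out[32]; /* constructed sample: 16 bytes of 'X' */
    memset(msg, 'X', sizeof msg);
    size_t padded = pkcs7_pad(msg, sizeof msg, out, sizeof out);
    printf("16-byte input -> %zu padded, %zu after unpad\n",
           padded, pkcs7_unpad(out, padded));
    return 0;
}
```

With unauthenticated CBC, verify a MAC over the IV and ciphertext before the unpad step, because a distinguishable padding error gives the sender a padding oracle.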