AES (aes-ige-128, aes-ige-192, aes-ige-256) 使用 openssl C 加密/解密 [英] AES (aes-ige-128, aes-ige-192, aes-ige-256) encryption/decryption with openssl C
问题描述
最近我终于(在 stackoverflow 的用户 @WhozCraig 的帮助下)开始在 CBC 模式下使用 AES.现在,我想做完全相同的事情,但使用 AES IGE.我查看了 openssl-1.0.1e/test/igetest.c
并尝试构建我自己的测试.但再一次,我对输入和输出的大小有问题.其他一切都很好,因为我从以前的代码中复制了它:AES (aes-cbc-128, aes-cbc-192, aes-cbc-256) 使用 openssl C 加密/解密.
Recently I finally (with help of stackoverflow's user, @WhozCraig) got to work AES in CBC mode. Now, I would like to do exact same thing but with AES IGE. I took a look at openssl-1.0.1e/test/igetest.c
and tried to build my own test. But once again, I have a problem with inputs and outputs proper sizes. Everything else is good, because I copied it from my previous code: AES (aes-cbc-128, aes-cbc-192, aes-cbc-256) encryption/decryption with openssl C.
现在,当我传递一个小于 32 的输入长度时,它说:
Now, when I pass an inputs length which is less than 32, it says:
Give a key length [only 128 or 192 or 256!]:
256
Give an input's length:
3
aes_ige.c(88): OpenSSL internal error, assertion failed: (length%AES_BLOCK_SIZE) == 0
(core dumped)
但是当长度大于 32 时,我也不太确定是否一切正常:
But when the lenght is bigger than 32, Im also not so sure if its all ok:
Give a key length [only 128 or 192 or 256!]:
256
Give an input's length:
48
original: 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58
encrypt: A4 1F C4 E8 42 5E E5 62 1A B6 C1 47 D2 2F 8D 98 D0 0B 32 77 4E 36 84 25 15 5B BA 60 EA A9 64 D2 53 D1 98 78 83 21 90 90 74 44 C7 AA 3E AD 9B 26 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
decrypt: 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58
代码如下:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/aes.h>
#include <openssl/rand.h>
// a simple hex-print routine. could be modified to print 16 bytes-per-line
static void hex_print(const void* pv, size_t len)
{
const unsigned char * p = (const unsigned char*)pv;
if (NULL == pv)
printf("NULL");
else
{
size_t i = 0;
for (; i<len;++i)
printf("%02X ", *p++);
}
printf("\n");
}
// main entrypoint
int main(int argc, char **argv)
{
int keylength;
printf("Give a key length [only 128 or 192 or 256!]:\n");
scanf("%d", &keylength);
/* generate a key with a given length */
unsigned char aes_key[keylength/8];
memset(aes_key, 0, keylength/8);
if (!RAND_bytes(aes_key, keylength/8))
exit(-1);
size_t inputslength = 0;
printf("Give an input's length:\n");
scanf("%lu", &inputslength);
/* generate input with a given length */
unsigned char aes_input[inputslength];
memset(aes_input, 'X', inputslength);
const size_t ivsize = AES_BLOCK_SIZE*2;
/* init vector */
unsigned char iv_enc[ivsize], iv_dec[ivsize];
RAND_bytes(iv_enc, ivsize);
memcpy(iv_dec, iv_enc, ivsize);
// buffers for encryption and decryption
const size_t encslength = (inputslength/AES_BLOCK_SIZE + 1) * AES_BLOCK_SIZE;//((inputslength + AES_BLOCK_SIZE) / AES_BLOCK_SIZE) * AES_BLOCK_SIZE;
unsigned char enc_out[encslength];
unsigned char dec_out[inputslength];
memset(enc_out, 0, sizeof(enc_out));
memset(dec_out, 0, sizeof(dec_out));
AES_KEY enc_key, dec_key;
AES_set_encrypt_key(aes_key, keylength, &enc_key);
AES_set_decrypt_key(aes_key, keylength, &dec_key);
AES_ige_encrypt(aes_input, enc_out, inputslength, &enc_key, iv_enc, AES_ENCRYPT);
AES_ige_encrypt(enc_out, dec_out, encslength, &dec_key, iv_dec, AES_DECRYPT);
printf("original:\t");
hex_print(aes_input, sizeof(aes_input));
printf("encrypt:\t");
hex_print(enc_out, sizeof(enc_out));
printf("decrypt:\t");
hex_print(dec_out, sizeof(dec_out));
return 0;
}
终于!成功了(希望如此).但如果有人能说下面的代码 100% 好,我将不胜感激;)
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/aes.h>
#include <openssl/rand.h>
// a simple hex-print routine. could be modified to print 16 bytes-per-line
static void hex_print(const void* pv, size_t len)
{
const unsigned char * p = (const unsigned char*)pv;
if (NULL == pv)
printf("NULL");
else
{
size_t i = 0;
for (; i<len;++i)
printf("%02X ", *p++);
}
printf("\n");
}
// main entrypoint
int main(int argc, char **argv)
{
int keylength = 256;
//printf("Give a key length [only 128 or 192 or 256!]:\n");
//scanf("%d", &keylength);
/* generate a key with a given length */
unsigned char aes_key[keylength/8];
memset(aes_key, 0, keylength/8);
if (!RAND_bytes(aes_key, keylength/8))
exit(-1);
size_t inputslength = 0;
printf("Give an input's length:\n");
scanf("%lu", &inputslength);
/* generate input with a given length */
unsigned char aes_input[inputslength];
memset(aes_input, 'X', inputslength);
const size_t ivsize = AES_BLOCK_SIZE*2;
/* init vector */
unsigned char iv_enc[ivsize], iv_dec[ivsize];
RAND_bytes(iv_enc, ivsize);
memcpy(iv_dec, iv_enc, ivsize);
// buffers for encryption and decryption
const size_t encslength = ((inputslength + AES_BLOCK_SIZE) / AES_BLOCK_SIZE) * AES_BLOCK_SIZE;
unsigned char enc_out[encslength];
unsigned char dec_out[inputslength];
memset(enc_out, 0, sizeof(enc_out));
memset(dec_out, 0, sizeof(dec_out));
// so i can do with this aes-cbc-128 aes-cbc-192 aes-cbc-256
AES_KEY enc_key, dec_key;
AES_set_encrypt_key(aes_key, keylength, &enc_key);
AES_ige_encrypt(aes_input, enc_out, encslength, &enc_key, iv_enc, AES_ENCRYPT);
AES_set_decrypt_key(aes_key, keylength, &dec_key);
AES_ige_encrypt(enc_out, dec_out, encslength, &dec_key, iv_dec, AES_DECRYPT);
printf("original:\t");
hex_print(aes_input, sizeof(aes_input));
printf("encrypt:\t");
hex_print(enc_out, sizeof(enc_out));
printf("decrypt:\t");
hex_print(dec_out, sizeof(dec_out));
return 0;
}
我只改变了这个:
AES_ige_encrypt(aes_input, enc_out, **inputslength**, &enc_key, iv_enc, AES_ENCRYPT);
进入:
AES_ige_encrypt(aes_input, enc_out, **encslength**, &enc_key, iv_enc, AES_ENCRYPT);
正确吗?
编辑第 2 号 ;)
好吧,伙计们,又举了一个例子,你的建议为输入添加了一些填充.希望现在可以了吗?
Ok guys, did another example, with your advices added some padding to the input. Hope its ok now?
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/aes.h>
#include <openssl/rand.h>
// a simple hex-print routine. could be modified to print 16 bytes-per-line
static void hex_print(const void* pv, size_t len)
{
const unsigned char * p = (const unsigned char*)pv;
if (NULL == pv)
printf("NULL");
else
{
size_t i = 0;
for (; i<len;++i)
printf("%02X ", *p++);
}
printf("\n");
}
// main entrypoint
int main(int argc, char **argv)
{
int keylength = 256;
//printf("Give a key length [only 128 or 192 or 256!]:\n");
//scanf("%d", &keylength);
/* generate a key with a given length */
unsigned char aes_key[keylength/8];
memset(aes_key, 0, keylength/8);
if (!RAND_bytes(aes_key, keylength/8))
exit(-1);
size_t inputslength = 0;
printf("Give an input's length:\n");
scanf("%lu", &inputslength);
/* generate input with a given length */
unsigned char aes_input[inputslength];
memset(aes_input, 'X', inputslength);
const size_t ivsize = AES_BLOCK_SIZE*2;
/* init vector */
unsigned char iv_enc[ivsize], iv_dec[ivsize];
RAND_bytes(iv_enc, ivsize);
memcpy(iv_dec, iv_enc, ivsize);
// buffers for encryption and decryption
const size_t encslength = ((inputslength + AES_BLOCK_SIZE) / AES_BLOCK_SIZE) * AES_BLOCK_SIZE;
unsigned char paddedinput[encslength];
memset(paddedinput, 0, encslength);
memcpy(paddedinput, aes_input, inputslength);
unsigned char enc_out[encslength];
unsigned char dec_out[inputslength];
memset(enc_out, 0, sizeof(enc_out));
memset(dec_out, 0, sizeof(dec_out));
AES_KEY enc_key, dec_key;
AES_set_encrypt_key(aes_key, keylength, &enc_key);
AES_ige_encrypt(paddedinput, enc_out, encslength, &enc_key, iv_enc, AES_ENCRYPT);
AES_set_decrypt_key(aes_key, keylength, &dec_key);
AES_ige_encrypt(enc_out, dec_out, encslength, &dec_key, iv_dec, AES_DECRYPT);
printf("original:\t");
hex_print(aes_input, sizeof(aes_input));
printf("encrypt:\t");
hex_print(enc_out, sizeof(enc_out));
printf("decrypt:\t");
hex_print(dec_out, sizeof(dec_out));
return 0;
}
推荐答案
错误信息说明了一切.
aes_ige.c(88): OpenSSL internal error, assertion failed: (length%AES_BLOCK_SIZE) == 0
这基本上是一个运行时检查(断言),由于提供给函数 AES_ige_encrypt()
的无效输入而失败,="http://fossies.org/dox/openssl-1.0.1e/aes__ige_8c_source.html#l00088" rel="noreferrer">aes_ige.c 的第 88 行.
This is basically a run-time-check (assertion) that fails due to invalid input provided to the function AES_ige_encrypt()
present in the source at line 88 of aes_ige.c.
OPENSSL_assert((length%AES_BLOCK_SIZE) == 0);
断言基本上检查length
(传递给函数的第三个参数)是否是AES_BLOCK_SIZE
的整数倍强>.如果是,则继续执行,否则程序停止并打印有关断言失败的警告.
The assertion basically checks if length
(the 3rd parameter passed to the function) is an integral multiple of AES_BLOCK_SIZE
. If yes, the execution continues, otherwise the program halts and prints warning about the assertion having failed.
因此请确保传递给
AES_ige_encrypt()
的数据大小是AES_BLOCK_SIZE
.
如果数据的大小不是整数倍,则在其后面追加NUL
个字节,使总大小成为<的最接近的倍数代码>AES_BLOCK_SIZE.
If size of the data is not an integral multiple, then append NUL
bytes to it to make the total size the nearest multiple of AES_BLOCK_SIZE
.
此外,始终将integral-multiple-of-AES_BLOCK_SIZE
"值作为长度
传递strong> 参数到 AES_ige_encrypt()
.
Also, always pass the "integral-multiple-of-AES_BLOCK_SIZE
" value as the length
parameter to AES_ige_encrypt()
.
这篇关于AES (aes-ige-128, aes-ige-192, aes-ige-256) 使用 openssl C 加密/解密的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!