使用AES_ *函数和EVP_ *函数进行加密 [英] Encryption using AES_* functions and EVP_* functions
问题描述
我有一些使用openssl( AES _ *
)函数加密的数据。我想更新这个代码使用较新的( EVP _ *
)函数。但应该能够解密使用旧代码加密的数据。
我在下面粘贴了旧代码和新代码。加密/解密的内容不同。即我不能互换使用它们。这意味着我无法升级代码,而无需使用旧代码解密,然后重新加密。
参数有任何值 EVP_BytesToKey
,使得 aes_key
派生在两种情况下都是相同的。或者有任何其他方法来完成相同使用( EVP _ *
)函数?我尝试了 digest
, rounds
的几个不同的值,并尝试 iv NULL
,但没有真正工作,即它不提供与旧方法相同的输出。
代码使用 AES _ *
函数
#include< stdio.h>
#include< openssl / aes.h>
#include< print_util.h>
static const unsigned char user_key [] = {
0x00,0x01,0x02,0x03,
0x10,0x11,0x12,0x13,
0x20,0x21,0x22 ,0x23,
0x30,0x31,0x32,0x33
};
int main()
{
unsigned char p_text [] =plain text;
unsigned char c_text [16];
unsigned char d_text [16];
AES_KEY aes_key;
AES_set_encrypt_key(user_key,128,&aes_key);
AES_encrypt(p_text,c_text,& aes_key);
printf(plain text =%s\\\
,p_text);
printbuf((char *)c_text,16,cipher text =);
AES_set_decrypt_key(user_key,128,&aes_key);
AES_decrypt(c_text,d_text,& aes_key);
printf(plain text(decryptpted)=%s \\\
,d_text);
return 0;
}
使用 EVP _ *
函数。 (加密代码如下,解密代码类似)。
#include< strings.h>
#include< openssl / evp.h>
#include< print_util.h>
static const unsigned char user_key [16] = {
0x00,0x01,0x02,0x03,
0x10,0x11,0x12,0x13,
0x20,0x21, 0x22,0x23,
0x30,0x31,0x32,0x33
};
int main()
{
EVP_CIPHER_CTX * ctx =(EVP_CIPHER_CTX *)malloc(sizeof(EVP_CIPHER_CTX));
EVP_CIPHER_CTX_init(ctx);
const EVP_CIPHER * cipher = EVP_aes_128_ecb(); // key size 128,mode ecb
const EVP_MD * digest = EVP_md5();
int rounds = 10;
unsigned char aes_key [EVP_MAX_KEY_LENGTH];
unsigned char aes_iv [EVP_MAX_IV_LENGTH];
EVP_BytesToKey(cipher,digest,NULL,user_key,16,rounds,aes_key,aes_iv);
EVP_EncryptInit(ctx,cipher,aes_key,aes_iv);
unsigned char p_text [] =plain text; int p_len = sizeof(p_text);
unsigned char c_text [16]; int c_len = 16;
int t_len;
EVP_EncryptUpdate(ctx,c_text,& c_len,p_text,p_len);
EVP_EncryptFinal(ctx,(c_text + c_len),& t_len);
c_len + = t_len;
printf(==> p_text:%s\\\
,p_text);
printbuf((char *)c_text,c_len,==> c_text:);
}
感谢
您的 AES _ *
代码中没有任何密钥派生,因此您不应使用任何密钥派生,例如<$ c
<$ c> $ c> $ c> EVP_BytesToKey p>没有,没有办法使
EVP_BytesToKey
输出与上述相同的密钥,因为加密散列用于生成输出。 I have some data that was encrypted using the openssl (AES_*
) functions. I want update this code to use the newer (EVP_*
) functions. But should be able to decrypt data that was encrypted using the old code.
I've pasted below both the old and the new code. The encrypted/decrypted contents are different. i.e. I can't use them interchangeably. This means I can't upgrade the code without having to decrypt using the old code and then re-encrypt.
Are there any values for the parameters to EVP_BytesToKey
so that aes_key
derived is the same in both cases. Or is there any other way to accomplish the same using the (EVP_*
) functions? I've tried several different values for digest
, rounds
and tried making iv NULL
, but didn't really work i.e. it doesn't provide the same output as the old method.
The code using the AES_*
functions
#include <stdio.h>
#include <openssl/aes.h>
#include <print_util.h>
static const unsigned char user_key[] = {
0x00, 0x01, 0x02, 0x03,
0x10, 0x11, 0x12, 0x13,
0x20, 0x21, 0x22, 0x23,
0x30, 0x31, 0x32, 0x33
};
int main()
{
unsigned char p_text[]="plain text";
unsigned char c_text[16];
unsigned char d_text[16];
AES_KEY aes_key;
AES_set_encrypt_key(user_key, 128, &aes_key);
AES_encrypt(p_text, c_text, &aes_key);
printf("plain text = %s\n", p_text);
printbuf((char*)c_text, 16, "cipher text = ");
AES_set_decrypt_key(user_key, 128, &aes_key);
AES_decrypt(c_text, d_text, &aes_key);
printf("plain text (decrypted) = %s \n", d_text);
return 0;
}
The code using the EVP_*
functions. (Encryption code is below and the decryption code is similar).
#include <strings.h>
#include <openssl/evp.h>
#include <print_util.h>
static const unsigned char user_key[16] = {
0x00, 0x01, 0x02, 0x03,
0x10, 0x11, 0x12, 0x13,
0x20, 0x21, 0x22, 0x23,
0x30, 0x31, 0x32, 0x33
};
int main()
{
EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX*)malloc(sizeof(EVP_CIPHER_CTX));
EVP_CIPHER_CTX_init(ctx);
const EVP_CIPHER *cipher = EVP_aes_128_ecb(); // key size 128, mode ecb
const EVP_MD *digest = EVP_md5();
int rounds = 10;
unsigned char aes_key[EVP_MAX_KEY_LENGTH];
unsigned char aes_iv[EVP_MAX_IV_LENGTH];
EVP_BytesToKey(cipher, digest, NULL, user_key, 16, rounds, aes_key, aes_iv);
EVP_EncryptInit(ctx, cipher, aes_key, aes_iv);
unsigned char p_text[]="plain text"; int p_len = sizeof(p_text);
unsigned char c_text[16]; int c_len = 16;
int t_len;
EVP_EncryptUpdate(ctx, c_text, &c_len, p_text, p_len);
EVP_EncryptFinal(ctx, (c_text + c_len), &t_len);
c_len += t_len;
printf("==> p_text: %s\n", p_text);
printbuf((char*)c_text, c_len, "==> c_text:");
}
Thanks
You don't have any key derivation in your AES_*
code, so you should not use any key derivation such as EVP_BytesToKey
in your new EVP_
code if you want to stay fully compatible.
And no, there is no way to make EVP_BytesToKey
output the same key as above, because a cryptographic hash is used to generate the output.
这篇关于使用AES_ *函数和EVP_ *函数进行加密的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!