使用AES_ *函数和EVP_ *函数进行加密 [英] Encryption using AES_* functions and EVP_* functions
问题描述
我有一些使用openssl( AES _ * )函数加密的数据。我想更新这个代码使用较新的( EVP _ * )函数。但应该能够解密使用旧代码加密的数据。
我在下面粘贴了旧代码和新代码。加密/解密的内容不同。即我不能互换使用它们。这意味着我无法升级代码,而无需使用旧代码解密,然后重新加密。
参数有任何值 EVP_BytesToKey ,使得 aes_key 派生在两种情况下都是相同的。或者有任何其他方法来完成相同使用( EVP _ * )函数?我尝试了 digest , rounds 的几个不同的值,并尝试 iv NULL ,但没有真正工作,即它不提供与旧方法相同的输出。
代码使用 AES _ * 函数
#include< stdio.h>
#include< openssl / aes.h>
#include< print_util.h>
static const unsigned char user_key [] = {
0x00,0x01,0x02,0x03,
0x10,0x11,0x12,0x13,
0x20,0x21,0x22 ,0x23,
0x30,0x31,0x32,0x33
};
int main()
{
unsigned char p_text [] =plain text;
unsigned char c_text [16];
unsigned char d_text [16];
AES_KEY aes_key;
AES_set_encrypt_key(user_key,128,&aes_key);
AES_encrypt(p_text,c_text,& aes_key);
printf(plain text =%s\\\
,p_text);
printbuf((char *)c_text,16,cipher text =);
AES_set_decrypt_key(user_key,128,&aes_key);
AES_decrypt(c_text,d_text,& aes_key);
printf(plain text(decryptpted)=%s \\\
,d_text);
return 0;
}
使用 EVP _ * 函数。 (加密代码如下,解密代码类似)。
#include< strings.h>
#include< openssl / evp.h>
#include< print_util.h>
static const unsigned char user_key [16] = {
0x00,0x01,0x02,0x03,
0x10,0x11,0x12,0x13,
0x20,0x21, 0x22,0x23,
0x30,0x31,0x32,0x33
};
int main()
{
EVP_CIPHER_CTX * ctx =(EVP_CIPHER_CTX *)malloc(sizeof(EVP_CIPHER_CTX));
EVP_CIPHER_CTX_init(ctx);
const EVP_CIPHER * cipher = EVP_aes_128_ecb(); // key size 128,mode ecb
const EVP_MD * digest = EVP_md5();
int rounds = 10;
unsigned char aes_key [EVP_MAX_KEY_LENGTH];
unsigned char aes_iv [EVP_MAX_IV_LENGTH];
EVP_BytesToKey(cipher,digest,NULL,user_key,16,rounds,aes_key,aes_iv);
EVP_EncryptInit(ctx,cipher,aes_key,aes_iv);
unsigned char p_text [] =plain text; int p_len = sizeof(p_text);
unsigned char c_text [16]; int c_len = 16;
int t_len;
EVP_EncryptUpdate(ctx,c_text,& c_len,p_text,p_len);
EVP_EncryptFinal(ctx,(c_text + c_len),& t_len);
c_len + = t_len;
printf(==> p_text:%s\\\
,p_text);
printbuf((char *)c_text,c_len,==> c_text:);
}
感谢
您的 AES _ * 代码中没有任何密钥派生,因此您不应使用任何密钥派生,例如<$ c
<$ c> $ c> $ c> EVP_BytesToKey p>没有,没有办法使
EVP_BytesToKey 输出与上述相同的密钥,因为加密散列用于生成输出。 I have some data that was encrypted using the openssl (AES_*) functions. I want update this code to use the newer (EVP_*) functions. But should be able to decrypt data that was encrypted using the old code.
I've pasted below both the old and the new code. The encrypted/decrypted contents are different. i.e. I can't use them interchangeably. This means I can't upgrade the code without having to decrypt using the old code and then re-encrypt.
Are there any values for the parameters to EVP_BytesToKey so that aes_key derived is the same in both cases. Or is there any other way to accomplish the same using the (EVP_*) functions? I've tried several different values for digest, rounds and tried making iv NULL, but didn't really work i.e. it doesn't provide the same output as the old method.
The code using the AES_* functions
#include <stdio.h>
#include <openssl/aes.h>
#include <print_util.h>
static const unsigned char user_key[] = {
0x00, 0x01, 0x02, 0x03,
0x10, 0x11, 0x12, 0x13,
0x20, 0x21, 0x22, 0x23,
0x30, 0x31, 0x32, 0x33
};
int main()
{
unsigned char p_text[]="plain text";
unsigned char c_text[16];
unsigned char d_text[16];
AES_KEY aes_key;
AES_set_encrypt_key(user_key, 128, &aes_key);
AES_encrypt(p_text, c_text, &aes_key);
printf("plain text = %s\n", p_text);
printbuf((char*)c_text, 16, "cipher text = ");
AES_set_decrypt_key(user_key, 128, &aes_key);
AES_decrypt(c_text, d_text, &aes_key);
printf("plain text (decrypted) = %s \n", d_text);
return 0;
}
The code using the EVP_* functions. (Encryption code is below and the decryption code is similar).
#include <strings.h>
#include <openssl/evp.h>
#include <print_util.h>
static const unsigned char user_key[16] = {
0x00, 0x01, 0x02, 0x03,
0x10, 0x11, 0x12, 0x13,
0x20, 0x21, 0x22, 0x23,
0x30, 0x31, 0x32, 0x33
};
int main()
{
EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX*)malloc(sizeof(EVP_CIPHER_CTX));
EVP_CIPHER_CTX_init(ctx);
const EVP_CIPHER *cipher = EVP_aes_128_ecb(); // key size 128, mode ecb
const EVP_MD *digest = EVP_md5();
int rounds = 10;
unsigned char aes_key[EVP_MAX_KEY_LENGTH];
unsigned char aes_iv[EVP_MAX_IV_LENGTH];
EVP_BytesToKey(cipher, digest, NULL, user_key, 16, rounds, aes_key, aes_iv);
EVP_EncryptInit(ctx, cipher, aes_key, aes_iv);
unsigned char p_text[]="plain text"; int p_len = sizeof(p_text);
unsigned char c_text[16]; int c_len = 16;
int t_len;
EVP_EncryptUpdate(ctx, c_text, &c_len, p_text, p_len);
EVP_EncryptFinal(ctx, (c_text + c_len), &t_len);
c_len += t_len;
printf("==> p_text: %s\n", p_text);
printbuf((char*)c_text, c_len, "==> c_text:");
}
Thanks
You don't have any key derivation in your AES_* code, so you should not use any key derivation such as EVP_BytesToKey in your new EVP_ code if you want to stay fully compatible.
And no, there is no way to make EVP_BytesToKey output the same key as above, because a cryptographic hash is used to generate the output.
这篇关于使用AES_ *函数和EVP_ *函数进行加密的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
