使用 ECB 操作模式的 OpenSSL 库进行 AES-256 加密
AES-256 Encryption with OpenSSL library using ECB mode of operation
我正在尝试使用 ECB 模式使用 OpenSSL 库创建 AES 加密示例。很难找到任何文档,尤其是关于 ECB 的文档,所以我举了一个使用 CBC 模式的代码示例,并尝试为 ECB 修改它。我摆脱了 ECB 中不包含的东西,例如初始化向量,并尝试尽可能地修改代码。整理完我运行编译后遇到了一些问题:
AES-256-ECB-Encryption.cpp: In function ‘int encrypt(unsigned char*, int, unsigned char*, unsigned char*)’:
AES-256-ECB-Encryption.cpp:27:63: error: too few arguments to function ‘int EVP_EncryptInit_ex(EVP_CIPHER_CTX*, const EVP_CIPHER*, ENGINE*, const unsigned char*, const unsigned char*)’
if(1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_ecb(), NULL, key))
错误提示在 encrypt 函数中调用该函数时传入的参数太少,decrypt 函数中也有同样的错误。我想知道这里是否有人可以帮我弄清这个问题。我知道 ECB 模式存在的安全弱点,但我仍然想熟悉它。另外,我知道密钥不应该硬编码,但我只是想让一个示例运行起来,以确认我的思路是正确的。我使用的是 OpenSSL 中 libcrypto 库的 EVP 对称加密和解密接口。如果有影响的话,我用的是 Ubuntu 16.0.4。如果有人能帮我解答这个问题,或提供更多关于 ECB 的文档,我将不胜感激。
谢谢
下面是代码的其余部分:
#include <openssl/conf.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <string.h>
/*
 * Fatal-error helper: writes the pending entries of the OpenSSL error queue
 * to stderr and then terminates the process with abort(). Never returns.
 */
void handleErrors(void)
{
    FILE *err_stream = stderr;

    ERR_print_errors_fp(err_stream);
    abort();
}
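/*
 * Encrypt plaintext_len bytes of plaintext with AES-256 in ECB mode.
 *
 * plaintext      - input bytes.
 * plaintext_len  - number of input bytes.
 * key            - 32-byte (256-bit) AES key.
 * ciphertext     - output buffer. Padding is enabled by default on an EVP
 *                  cipher context, so the buffer must have room for up to
 *                  plaintext_len + 16 bytes (one extra AES block).
 *
 * Returns the number of ciphertext bytes written. Any OpenSSL failure is
 * fatal: handleErrors() prints the error queue and aborts.
 *
 * ECB encrypts each 16-byte block independently, so equal plaintext blocks
 * produce equal ciphertext blocks, and it provides no integrity protection.
 * Use it for experiments like this one only; protect real data with an
 * authenticated mode such as GCM.
 */
int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key, unsigned char *ciphertext)
{
    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
    int len = 0;
    int ciphertext_len = 0;

    /* Create the cipher context. */
    if (ctx == NULL) {
        handleErrors();
    }

    /*
     * EVP_EncryptInit_ex() takes five arguments: context, cipher, engine,
     * key and IV. The call as originally posted passed only four, which is
     * the "too few arguments" compile error. ECB has no IV, so the last
     * argument is NULL.
     */
    if (1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_ecb(), NULL, key, NULL)) {
        handleErrors();
    }

    /* Feed the message; this call may be repeated for further chunks. */
    if (1 != EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len)) {
        handleErrors();
    }
    ciphertext_len = len;

    /* Flush the final (padded) block behind what has been written so far. */
    if (1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) {
        handleErrors();
    }
    ciphertext_len += len;

    EVP_CIPHER_CTX_free(ctx);

    return ciphertext_len;
}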
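/*
 * Decrypt ciphertext_len bytes of AES-256-ECB ciphertext.
 *
 * ciphertext      - input bytes produced by encrypt().
 * ciphertext_len  - number of input bytes.
 * key             - the same 32-byte (256-bit) AES key used to encrypt.
 * plaintext       - output buffer; EVP_DecryptUpdate() may need room for up
 *                   to ciphertext_len + 16 bytes. The result is NOT
 *                   NUL-terminated.
 *
 * Returns the number of plaintext bytes written. Any OpenSSL failure,
 * including a bad padding block reported by EVP_DecryptFinal_ex(), is fatal:
 * handleErrors() prints the error queue and aborts.
 *
 * A successful padding check is not an authenticity check: ECB carries no
 * integrity protection, so modified or reordered blocks can still decrypt
 * without error.
 */
int decrypt(unsigned char *ciphertext, int ciphertext_len, unsigned char *key, unsigned char *plaintext)
{
    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
    int len = 0;
    int plaintext_len = 0;

    /* Create the cipher context. */
    if (ctx == NULL) {
        handleErrors();
    }

    /*
     * EVP_DecryptInit_ex() takes five arguments, like its encrypt
     * counterpart; the call as originally posted passed only four. ECB has
     * no IV, so the last argument is NULL.
     */
    if (1 != EVP_DecryptInit_ex(ctx, EVP_aes_256_ecb(), NULL, key, NULL)) {
        handleErrors();
    }

    /* Feed the ciphertext; this call may be repeated for further chunks. */
    if (1 != EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len)) {
        handleErrors();
    }
    plaintext_len = len;

    /* Process the last block and strip its padding. */
    if (1 != EVP_DecryptFinal_ex(ctx, plaintext + len, &len)) {
        handleErrors();
    }
    plaintext_len += len;

    EVP_CIPHER_CTX_free(ctx);

    return plaintext_len;
}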
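/*
 * Demo driver: encrypts a short fixed message with AES-256-ECB, dumps the
 * ciphertext, decrypts it again and prints the recovered text.
 */
int main (void)
{
    /*
     * 32 ASCII bytes used as the 256-bit key. Hard-coded for this demo only;
     * a real key comes from a CSPRNG or a KDF and is never embedded in source.
     */
    unsigned char *key = (unsigned char *)"01234567890123456789012345678901";

    /* Message to be encrypted */
    unsigned char *plaintext = (unsigned char *)"This is a test.";

    /*
     * Output buffers. With padding the ciphertext can be up to one AES block
     * (16 bytes) longer than the plaintext; 128 bytes is ample for this
     * 15-byte message.
     */
    unsigned char ciphertext[128];
    unsigned char decryptedtext[128];

    int decryptedtext_len, ciphertext_len;

    /*
     * Explicit library initialisation as used with OpenSSL 1.0.x. OpenSSL
     * 1.1.0 and later initialise themselves and deprecate these calls.
     */
    ERR_load_crypto_strings();
    OpenSSL_add_all_algorithms();
    OPENSSL_config(NULL);

    /* Encrypt the plaintext */
    ciphertext_len = encrypt(plaintext, (int)strlen((char *)plaintext), key, ciphertext);

    /* Show the ciphertext as a hex dump */
    printf("Ciphertext is:\n");
    BIO_dump_fp(stdout, (const char *)ciphertext, ciphertext_len);

    /* Decrypt the ciphertext */
    decryptedtext_len = decrypt(ciphertext, ciphertext_len, key, decryptedtext);

    /* Refuse to write the terminator outside the buffer. */
    if (decryptedtext_len < 0 || (size_t)decryptedtext_len >= sizeof decryptedtext) {
        fprintf(stderr, "Decrypted length out of range\n");
        return 1;
    }

    /*
     * decrypt() does not NUL-terminate its output; add the terminator before
     * printing it as a string. (The page showed a garbled '[=11=]' here; the
     * intended character is '\0'.)
     */
    decryptedtext[decryptedtext_len] = '\0';

    /* Show the decrypted text */
    printf("Decrypted text is:\n");
    printf("%s\n", decryptedtext);

    /* Clean up */
    EVP_cleanup();
    ERR_free_strings();

    return 0;
}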
该函数有 5 个参数;ECB 不使用初始化向量,因此为 iv 参数传递 NULL。
if(1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_ecb(), NULL, key, NULL))
来自docs:
/* Prototype as quoted from the OpenSSL documentation: all five arguments are required. */
int EVP_EncryptInit_ex( EVP_CIPHER_CTX *ctx, /* cipher context to initialise */
const EVP_CIPHER *type, /* cipher to use, e.g. EVP_aes_256_ecb() */
ENGINE *impl, /* engine implementation; NULL selects the default */
unsigned char *key, /* symmetric key */
unsigned char *iv); /* initialisation vector; pass NULL for ECB, which uses none */
作为老绝地大师@zaph,冷静地指示@akfe79“相信错误信息”。
我正在尝试使用 ECB 模式使用 OpenSSL 库创建 AES 加密示例。很难找到任何文档,尤其是关于 ECB 的文档,所以我举了一个使用 CBC 模式的代码示例,并尝试为 ECB 修改它。我摆脱了 ECB 中不包含的东西,例如初始化向量,并尝试尽可能地修改代码。整理完我运行编译后遇到了一些问题:
AES-256-ECB-Encryption.cpp: In function ‘int encrypt(unsigned char*, int, unsigned char*, unsigned char*)’:
AES-256-ECB-Encryption.cpp:27:63: error: too few arguments to function ‘int EVP_EncryptInit_ex(EVP_CIPHER_CTX*, const EVP_CIPHER*, ENGINE*, const unsigned char*, const unsigned char*)’
if(1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_ecb(), NULL, key))
错误提示在 encrypt 函数中调用该函数时传入的参数太少,decrypt 函数中也有同样的错误。我想知道这里是否有人可以帮我弄清这个问题。我知道 ECB 模式存在的安全弱点,但我仍然想熟悉它。另外,我知道密钥不应该硬编码,但我只是想让一个示例运行起来,以确认我的思路是正确的。我使用的是 OpenSSL 中 libcrypto 库的 EVP 对称加密和解密接口。如果有影响的话,我用的是 Ubuntu 16.0.4。如果有人能帮我解答这个问题,或提供更多关于 ECB 的文档,我将不胜感激。
谢谢
下面是代码的其余部分:
#include <openssl/conf.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <string.h>
/*
 * Fatal-error helper: writes the pending entries of the OpenSSL error queue
 * to stderr and then terminates the process with abort(). Never returns.
 */
void handleErrors(void)
{
    FILE *err_stream = stderr;

    ERR_print_errors_fp(err_stream);
    abort();
}
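/*
 * Encrypt plaintext_len bytes of plaintext with AES-256 in ECB mode.
 *
 * plaintext      - input bytes.
 * plaintext_len  - number of input bytes.
 * key            - 32-byte (256-bit) AES key.
 * ciphertext     - output buffer. Padding is enabled by default on an EVP
 *                  cipher context, so the buffer must have room for up to
 *                  plaintext_len + 16 bytes (one extra AES block).
 *
 * Returns the number of ciphertext bytes written. Any OpenSSL failure is
 * fatal: handleErrors() prints the error queue and aborts.
 *
 * ECB encrypts each 16-byte block independently, so equal plaintext blocks
 * produce equal ciphertext blocks, and it provides no integrity protection.
 * Use it for experiments like this one only; protect real data with an
 * authenticated mode such as GCM.
 */
int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key, unsigned char *ciphertext)
{
    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
    int len = 0;
    int ciphertext_len = 0;

    /* Create the cipher context. */
    if (ctx == NULL) {
        handleErrors();
    }

    /*
     * EVP_EncryptInit_ex() takes five arguments: context, cipher, engine,
     * key and IV. The call as originally posted passed only four, which is
     * the "too few arguments" compile error. ECB has no IV, so the last
     * argument is NULL.
     */
    if (1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_ecb(), NULL, key, NULL)) {
        handleErrors();
    }

    /* Feed the message; this call may be repeated for further chunks. */
    if (1 != EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len)) {
        handleErrors();
    }
    ciphertext_len = len;

    /* Flush the final (padded) block behind what has been written so far. */
    if (1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) {
        handleErrors();
    }
    ciphertext_len += len;

    EVP_CIPHER_CTX_free(ctx);

    return ciphertext_len;
}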
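/*
 * Decrypt ciphertext_len bytes of AES-256-ECB ciphertext.
 *
 * ciphertext      - input bytes produced by encrypt().
 * ciphertext_len  - number of input bytes.
 * key             - the same 32-byte (256-bit) AES key used to encrypt.
 * plaintext       - output buffer; EVP_DecryptUpdate() may need room for up
 *                   to ciphertext_len + 16 bytes. The result is NOT
 *                   NUL-terminated.
 *
 * Returns the number of plaintext bytes written. Any OpenSSL failure,
 * including a bad padding block reported by EVP_DecryptFinal_ex(), is fatal:
 * handleErrors() prints the error queue and aborts.
 *
 * A successful padding check is not an authenticity check: ECB carries no
 * integrity protection, so modified or reordered blocks can still decrypt
 * without error.
 */
int decrypt(unsigned char *ciphertext, int ciphertext_len, unsigned char *key, unsigned char *plaintext)
{
    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
    int len = 0;
    int plaintext_len = 0;

    /* Create the cipher context. */
    if (ctx == NULL) {
        handleErrors();
    }

    /*
     * EVP_DecryptInit_ex() takes five arguments, like its encrypt
     * counterpart; the call as originally posted passed only four. ECB has
     * no IV, so the last argument is NULL.
     */
    if (1 != EVP_DecryptInit_ex(ctx, EVP_aes_256_ecb(), NULL, key, NULL)) {
        handleErrors();
    }

    /* Feed the ciphertext; this call may be repeated for further chunks. */
    if (1 != EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len)) {
        handleErrors();
    }
    plaintext_len = len;

    /* Process the last block and strip its padding. */
    if (1 != EVP_DecryptFinal_ex(ctx, plaintext + len, &len)) {
        handleErrors();
    }
    plaintext_len += len;

    EVP_CIPHER_CTX_free(ctx);

    return plaintext_len;
}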
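/*
 * Demo driver: encrypts a short fixed message with AES-256-ECB, dumps the
 * ciphertext, decrypts it again and prints the recovered text.
 */
int main (void)
{
    /*
     * 32 ASCII bytes used as the 256-bit key. Hard-coded for this demo only;
     * a real key comes from a CSPRNG or a KDF and is never embedded in source.
     */
    unsigned char *key = (unsigned char *)"01234567890123456789012345678901";

    /* Message to be encrypted */
    unsigned char *plaintext = (unsigned char *)"This is a test.";

    /*
     * Output buffers. With padding the ciphertext can be up to one AES block
     * (16 bytes) longer than the plaintext; 128 bytes is ample for this
     * 15-byte message.
     */
    unsigned char ciphertext[128];
    unsigned char decryptedtext[128];

    int decryptedtext_len, ciphertext_len;

    /*
     * Explicit library initialisation as used with OpenSSL 1.0.x. OpenSSL
     * 1.1.0 and later initialise themselves and deprecate these calls.
     */
    ERR_load_crypto_strings();
    OpenSSL_add_all_algorithms();
    OPENSSL_config(NULL);

    /* Encrypt the plaintext */
    ciphertext_len = encrypt(plaintext, (int)strlen((char *)plaintext), key, ciphertext);

    /* Show the ciphertext as a hex dump */
    printf("Ciphertext is:\n");
    BIO_dump_fp(stdout, (const char *)ciphertext, ciphertext_len);

    /* Decrypt the ciphertext */
    decryptedtext_len = decrypt(ciphertext, ciphertext_len, key, decryptedtext);

    /* Refuse to write the terminator outside the buffer. */
    if (decryptedtext_len < 0 || (size_t)decryptedtext_len >= sizeof decryptedtext) {
        fprintf(stderr, "Decrypted length out of range\n");
        return 1;
    }

    /*
     * decrypt() does not NUL-terminate its output; add the terminator before
     * printing it as a string. (The page showed a garbled '[=11=]' here; the
     * intended character is '\0'.)
     */
    decryptedtext[decryptedtext_len] = '\0';

    /* Show the decrypted text */
    printf("Decrypted text is:\n");
    printf("%s\n", decryptedtext);

    /* Clean up */
    EVP_cleanup();
    ERR_free_strings();

    return 0;
}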
该函数有 5 个参数;ECB 不使用初始化向量,因此为 iv 参数传递 NULL。
if(1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_ecb(), NULL, key, NULL))
来自docs:
/* Prototype as quoted from the OpenSSL documentation: all five arguments are required. */
int EVP_EncryptInit_ex( EVP_CIPHER_CTX *ctx, /* cipher context to initialise */
const EVP_CIPHER *type, /* cipher to use, e.g. EVP_aes_256_ecb() */
ENGINE *impl, /* engine implementation; NULL selects the default */
unsigned char *key, /* symmetric key */
unsigned char *iv); /* initialisation vector; pass NULL for ECB, which uses none */
作为老绝地大师@zaph,冷静地指示@akfe79“相信错误信息”。