我要评论我的:codetoys,所有代码都将会位于ctfc库中。已经放入库中我会指出在库中的位置。
这些代码大部分以linux为目标但部分代码是纯c++的,可以在任何平台上使用。
这是一个基于openssl的aes-cbc加密的例子,其中cbc是自行实现的,原因是openssl的cbc始终有问题,可能是我还没做对吧。这个例程的目的是对配置数据加密,不用于对外交换,所以cbc有没写对我也不能担保——反正这个程序自己加密的自己解密是没问题的。
目录
5.2 加密解密aes_encrypt/aes_decrypt
1 介绍
这个例程是基于centos7/8的,64位,openssl大概是1.1,我也在windows上做了测试,代码可能需要修改,cbc的问题同样存在(所以我就放弃解决了,自己写了一个)。
使用openssl需要头文件位置和库,如果头文件安装到标准位置则不需要-i参数,库是 -lssl -lcrypt
2 代码概要
//需要的openssl的两个头文件
#include <openssl/aes.h>
#include <openssl/rand.h>
class cmyopenssl
{
private:
//用来输出十六进制数据
static void show_buf(char const* title, unsigned char const* buf, int len)
{
。。。。。。
}
//需要一个从用户密码生成密钥的函数
//这个函数我没写,有标准算法从密码生成密钥,类似于对密码进行哈希
public:
//这就是一般所说的“盐”
class iv
{
private:
unsigned char iv[aes_block_size * 5];//其实不需要*5,但我原来就是这么写的,为了调试吧
public:
//执行异或
static void xor(unsigned char const * iv,unsigned char* data)
{
。。。。。。
}
//用随机数设置
void create()
{
。。。。。。
}
。。。。。。
};
//由于网上的例子也一样无法解密,所以自行实现cbc
static void my_aes_cbc_encrypt(const unsigned char* in, unsigned char* out, size_t length, const aes_key* key, unsigned char* ivec, const int enc)
{
。。。。。。
}
//aes加密
static int aes_encrypt(unsigned char const* userpasswd, int userpasswd_len, vector<unsigned char> const& in_plain, vector<unsigned char>& out_ciphertext, iv& iv)
{
。。。。。。
}
//aes解密
static int aes_decrypt(unsigned char const* userpasswd, int userpasswd_len, vector<unsigned char> const& in_ciphertext, vector<unsigned char>& out_plain, iv& iv)
{
。。。。。。
}
//保护数据,用密码加密并做格式转换
static bool protect_encode(cbuffer const& passwd, cbuffer const& input, cbuffer& output)
{
。。。。。。
}
//保护数据,用密码加密并做格式转换
static bool protect_decode(cbuffer const& passwd, cbuffer const& input, cbuffer& output)
{
。。。。。。
}
//下面两个就是网上别人写的程序,一样得不到正确结果
// a simple hex-print routine. could be modified to print 16 bytes-per-line
static void hex_print(const void* pv, size_t len)
{
。。。。。。
}
// main entrypoint
static int a()
{
。。。。。。
}
//测试代码
static bool aes_test()
{
。。。。。。
}
};
主要函数如下:
my_aes_cbc_encrypt 我自己写的aes-cbc加密和解密,调用了openssl的aes_encrypt和aes_decrypt,想学习aes怎么用看看这个函数就可以了
aes_encrypt aes加密,调用了openssl的aes_set_encrypt_key和我自己写的my_aes_cbc_encrypt,为了方便把明文长度作为第一个数据块
aes_decrypt aes解密,调用了openssl的aes_set_decrypt_key和我自己写的my_aes_cbc_encrypt
protect_encode和protect_decode是我自己写的加密配置数据的方法,完全是自定义的
a 是网上找来的测试代码,证明aes-cbc确实有问题,不是我一个人的问题
3 主要代码
下面是主要代码,上面有一些注释是我临时加的,不在完整代码里面,还有一些辅助类后面列出。
#include <openssl/aes.h>
#include <openssl/rand.h>
class cmyopenssl
{
private:
static unsigned char const ver;
static void show_buf(char const* title, unsigned char const* buf, int len)
{
cout << title << " ";
for (int i = 0; i < len; ++i)
{
cout << hex << setw(2) << setfill('0') << (unsigned int)buf[i] << " ";
}
cout << endl;
}
//需要一个从用户密码生成密钥的函数
public:
class iv
{
private:
unsigned char iv[aes_block_size * 5];
public:
iv()
{
memset(iv, 0, aes_block_size * 5);
}
//执行异或
static void xor(unsigned char const * iv,unsigned char* data)
{
//show_buf("iv ", iv, aes_block_size);
//show_buf("data", data, aes_block_size);
for (int i = 0; i < aes_block_size; ++i)
{
data[i] ^= iv[i];
}
//show_buf("data", data, aes_block_size);
}
int size()const
{
return aes_block_size;
}
//用随机数设置
void create()
{
time_t t = time(null);
srand(t);
for (int i = 0; i < aes_block_size; i += sizeof(int))
{
int a = rand();
memcpy(iv + i, &a, sizeof(int));
}
}
void set(unsigned char const* a)
{
memcpy(iv, a, aes_block_size);
}
//注意,会修改内容
unsigned char* get()
{
//show_buf("", iv, aes_block_size * 2);
return iv;
}
};
//由于网上的例子也一样无法解密,所以自行实现cbc
static void my_aes_cbc_encrypt(const unsigned char* in, unsigned char* out, size_t length, const aes_key* key, unsigned char* ivec, const int enc)
{
for (int i = 0; i < length; i += aes_block_size)
{
if (aes_encrypt == enc)
{
unsigned char tmpin[aes_block_size];
memcpy(tmpin, in + i, aes_block_size);
iv::xor(ivec, tmpin);
aes_encrypt(tmpin, out + i, key);
memcpy(ivec, out + i, aes_block_size);
}
else
{
unsigned char tmpiv[aes_block_size];
memcpy(tmpiv, in + i, aes_block_size);
aes_decrypt(in + i, out + i, key);
iv::xor(ivec, out + i);
memcpy(ivec, tmpiv, aes_block_size);
}
}
}
static int aes_encrypt(unsigned char const* userpasswd, int userpasswd_len, vector<unsigned char> const& in_plain, vector<unsigned char>& out_ciphertext, iv& iv)
{
out_ciphertext.clear();
unsigned char userkey[32];//必须是16/24/32
memset((void*)userkey, '\0', 32);
memcpy(userkey, userpasswd, (userpasswd_len > 32 ? 32 : userpasswd_len));
/*设置加密key及密钥长度*/
aes_key key;
if (aes_set_encrypt_key(userkey, 32 * 8, &key) < 0)
{
return __line__;
}
int len = 0;
/*循环加密,每次只能加密aes_block_size长度的数据*/
out_ciphertext.reserve(in_plain.size() + aes_block_size);
while (len < in_plain.size())
{
if (0 == len)
{//第一个块是明文长度
out_ciphertext.resize(out_ciphertext.size() + aes_block_size);
unsigned char tmp[aes_block_size];
memset((void*)tmp, '\0', aes_block_size);
long tmp_len = in_plain.size();
memcpy(tmp, &tmp_len, sizeof(long));
//show_buf("明文长度加密前 ", tmp, aes_block_size);
my_aes_cbc_encrypt(tmp, &out_ciphertext[out_ciphertext.size() - aes_block_size], aes_block_size, &key, iv.get(), aes_encrypt);
//show_buf("明文长度加密后", &out_ciphertext[out_ciphertext.size() - aes_block_size], aes_block_size);
}
out_ciphertext.resize(out_ciphertext.size() + aes_block_size);
if (in_plain.size() - len < aes_block_size)
{
unsigned char tmp[aes_block_size];
memset((void*)tmp, '\0', aes_block_size);
memcpy(tmp, &in_plain[len], in_plain.size() - len);
my_aes_cbc_encrypt(tmp, &out_ciphertext[out_ciphertext.size() - aes_block_size], aes_block_size, &key, iv.get(), aes_encrypt);
}
else
{
my_aes_cbc_encrypt(&in_plain[len], &out_ciphertext[out_ciphertext.size() - aes_block_size], aes_block_size, &key, iv.get(), aes_encrypt);
}
len += aes_block_size;
}
return 0;
}
static int aes_decrypt(unsigned char const* userpasswd, int userpasswd_len, vector<unsigned char> const& in_ciphertext, vector<unsigned char>& out_plain, iv& iv)
{
out_plain.clear();
unsigned char userkey[32];//必须是16/24/32
memset((void*)userkey, '\0', 32);
memcpy(userkey, userpasswd, (userpasswd_len > 32 ? 32 : userpasswd_len));
/*设置解密key及密钥长度*/
aes_key key;
if (aes_set_decrypt_key(userkey, 32 * 8, &key) < 0)
{
return __line__;
}
int len = 0;
/*循环解密*/
out_plain.reserve(in_ciphertext.size());
long out_len = 0;//原始长度,放在第一个加密块
while (len < in_ciphertext.size())
{
if (0 == len)
{//第一个块是明文长度
unsigned char tmp[aes_block_size];
//show_buf("明文长度解密前", &in_ciphertext[len], aes_block_size);
my_aes_cbc_encrypt(&in_ciphertext[len], tmp, aes_block_size, &key, iv.get(), aes_decrypt);
//show_buf("明文长度解密后", tmp, aes_block_size);
memcpy(&out_len, tmp, sizeof(long));
//thelog << "明文长度应该是 " << out_len << endi;
len += aes_block_size;
}
out_plain.resize(out_plain.size() + aes_block_size);
my_aes_cbc_encrypt(&in_ciphertext[len], &out_plain[out_plain.size() - aes_block_size], aes_block_size, &key, iv.get(), aes_decrypt);
len += aes_block_size;
}
//恢复原始长度
if (out_plain.size() > out_len)out_plain.resize(out_len);
return 0;
}
//保护数据,用密码加密并做格式转换
static bool protect_encode(cbuffer const& passwd, cbuffer const& input, cbuffer& output)
{
output.setsize(0);
iv iv;
iv.create();
cbuffer tmp;
tmp.adddata(&ver, 1);//第一个字节是版本
tmp.adddata(iv.get(), iv.size());//然后是iv,必须在加密之前保存,加密之后会改变
//加密
vector<unsigned char> in_plain;
in_plain.resize(input.size());
memcpy(&in_plain[0], input.data(), input.size());
vector<unsigned char> out_ciphertext;
aes_encrypt(passwd.data(), passwd.size(), in_plain, out_ciphertext, iv);
thelog << out_ciphertext.size() << endi;
//添加加密后数据
tmp.adddata(&out_ciphertext[0], out_ciphertext.size());
thelog << tmp.size() << endi;
output.reserve(tmp.size() * 4 / 3 + 4 + 1);//三字节转为4字节,编码函数在最后还会加上一个字符串结束符
thelog << output.capacity() << " " << output.size() << endi;
int n = cbase64::base64enc(output.lockbuffer(), tmp.data(), tmp.size());
output.releasebuffer();
if (n > output.capacity())thelog << "长度不足" << ende;
output.setsize(n);
thelog << output.size() << " [" << output.data() << "]" << endi;
return true;
}
//保护数据,用密码加密并做格式转换
static bool protect_decode(cbuffer const& passwd, cbuffer const& input, cbuffer& output)
{
output.setsize(0);
cbuffer tmp;
//这里导致了奇怪的内存错误,实际并不需要这么长
tmp.reserve(input.size() + 100);//实际需要的是4转3,解码函数最后会加上一个字符串结束符
//thelog << input.size() << " " << tmp.capacity() << " " << tmp.size() << endi;
int n = cbase64::base64dec(tmp.lockbuffer(), input.data(), input.size());
tmp.releasebuffer();
if (n<0 || n > tmp.capacity())thelog << "长度不足" << ende;
tmp.setsize(n);
if (tmp.data()[0] != ver)
{
thelog << "加密版本错误" << ende;
return false;
}
else
{
//thelog << "加密版本 " << (int)tmp.data()[0]<<" " << (int)ver << ende;
}
iv iv;
iv.set(tmp.data() + 1);
vector<unsigned char> in_plain;
in_plain.resize(tmp.size() - 1 - iv.size());
memcpy(&in_plain[0], tmp.data() + 1 + iv.size(), tmp.size() - 1 - iv.size());
//thelog << tmp.size() << " " << in_plain.size() << endi;
vector<unsigned char> out_ciphertext;
aes_decrypt(passwd.data(), passwd.size(), in_plain, out_ciphertext, iv);
output.adddata(&out_ciphertext[0], out_ciphertext.size());
return true;
}
// a simple hex-print routine. could be modified to print 16 bytes-per-line
static void hex_print(const void* pv, size_t len)
{
const unsigned char* p = (const unsigned char*)pv;
if (null == pv) {
printf("null");
}
else {
size_t i = 0;
for (; i < len; ++i) {
printf("%02x ", *p++);
}
}
printf("\n");
}
// main entrypoint
static int a()
{
int const keylength = 128;
/* generate a key with a given length */
unsigned char aes_key[keylength / 8];
memset(aes_key, 0, keylength / 8);
if (!rand_bytes(aes_key, keylength / 8)) {
exit(-1);
}
size_t const inputslength = 16;
/* generate input with a given length */
unsigned char aes_input[inputslength];
memset(aes_input, 1, inputslength);
/* init vector */
unsigned char iv_enc[aes_block_size], iv_dec[aes_block_size];
rand_bytes(iv_enc, aes_block_size);
memcpy(iv_dec, iv_enc, aes_block_size);
// buffers for encryption and decryption
const size_t encslength = ((inputslength + aes_block_size) / aes_block_size) * aes_block_size;
unsigned char enc_out[encslength];
unsigned char dec_out[inputslength];
memset(enc_out, 0, sizeof(enc_out));
memset(dec_out, 0, sizeof(dec_out));
// so i can do with this aes-cbc-128 aes-cbc-192 aes-cbc-256
aes_key enc_key, dec_key;
aes_set_encrypt_key(aes_key, keylength, &enc_key);
aes_cbc_encrypt(aes_input, enc_out, inputslength, &enc_key, iv_enc, aes_encrypt);
aes_set_decrypt_key(aes_key, keylength, &dec_key);
aes_cbc_encrypt(enc_out, dec_out, encslength, &dec_key, iv_dec, aes_decrypt);
printf("original:\t");
hex_print(aes_input, sizeof(aes_input));
printf("encrypt:\t");
hex_print(enc_out, sizeof(enc_out));
printf("decrypt:\t");
hex_print(dec_out, sizeof(dec_out));
return 0;
}
static bool aes_test()
{
if (true)
{
unsigned char userkey[32];//必须是16/24/32
memset((void*)userkey, '\0', 32);
memcpy(userkey, "12345", 5);
aes_key key;
if (aes_set_encrypt_key(userkey, 16 * 8, &key) < 0)
{
return __line__;
}
unsigned char iv[aes_block_size];
unsigned char data[aes_block_size];
memset(data, 1, aes_block_size);
unsigned char data2[aes_block_size];
memset(data2, 0, aes_block_size);
unsigned char data3[aes_block_size * 3];
memset(data3, 0, aes_block_size * 3);
memset(iv, 0, aes_block_size);
show_buf("简单输入 ", data, aes_block_size);
show_buf("iv ", iv, aes_block_size);
aes_cbc_encrypt(data, data2, aes_block_size, &key, iv, aes_encrypt);
show_buf("加密后 ", data2, aes_block_size);
show_buf("iv ", iv, aes_block_size);
if (aes_set_decrypt_key(userkey, 16 * 8, &key) < 0)
{
return __line__;
}
memset(iv, 0, aes_block_size);
show_buf("解密前 ", data2, aes_block_size);
show_buf("iv ", iv, aes_block_size);
aes_cbc_encrypt(data2, data3, aes_block_size, &key, iv, aes_decrypt);
show_buf("简单输出 ", data3, aes_block_size * 3);
show_buf("iv ", iv, aes_block_size);
a();
}
if (true)
{
string passwd = "13579";
vector<unsigned char> plaintext;
for (int i = 0; i < 65; ++i)
{
plaintext.push_back(i);
}
vector<unsigned char> out;
iv iv;
iv.create();
iv iv2;
iv2.set(iv.get());
//show_buf("初始iv", iv.get(), iv.size());
aes_encrypt((unsigned char*)passwd.c_str(), passwd.size(), plaintext, out, iv);
vector<unsigned char> plaintext2;
//show_buf("初始iv", iv2.get(), iv2.size());
aes_decrypt((unsigned char*)passwd.c_str(), passwd.size(), out, plaintext2, iv2);
thelog << plaintext.size() << " " << out.size() << " " << plaintext2.size() << endi;
printf("plantext2: \n");
for (int i = 0; i < plaintext2.size(); i++)
{
printf("%.2x ", plaintext2[i]);
if ((i + 1) % 32 == 0)
{
printf("\n");
}
}
printf("\n");
}
if (true)
{
try
{
char const* plaintext = "1234567890";
cbuffer pass;
cbuffer in;
cbuffer out;
pass.setdata("123");
in.setdata(plaintext);
thelog << in.data() << endi;
protect_encode(pass, in, out);
thelog << out.size() << " [" << out.data() << "]" << endi;
cbuffer out2;
if (!protect_decode(pass, out, out2))thelog << "解码失败" << ende;
thelog << out2.data() << endi;
if (0 == strcmp(plaintext, (char*)out2.data()))
{
thelog << "匹配成功" << endi;
}
else
{
thelog << "匹配失败" << ende;
}
//out2.lockbuffer();
//out2.setsize(10240);
}
catch (...)
{
thelog << "异常发生" << ende;
}
}
return true;
}
};
4 辅助代码
thelog可以替换为cout,endi、ende可以替换为endl。
cbuffer就是个包装的缓冲区,代码如下:
//内部隐含保持一个结束符,不计算在容量和大小之内,确保数据可以被当作字符串使用
class cbuffer
{
private:
string name;
unsigned char* p = null;
size_t buffer_size = 0;
size_t data_size = 0;
bool blockbuffer = false;
void _init()
{
static int i = 0;
char buf[64];
sprintf(buf, "cbuffer%d", i++);
name = buf;
if (p)throw "p不为空指针";
p = new unsigned char[1];
if (!p)throw "内存不足";
p[0] = '\0';
buffer_size = 0;
}
public:
cbuffer()
{
_init();
}
cbuffer(cbuffer const & tmp)
{
_init();
setdata(tmp.data(), tmp.data_size);
}
cbuffer & operator=(cbuffer const & tmp)
{
_init();
setdata(tmp.data(), tmp.data_size);
return *this;
}
~cbuffer()
{
//cout << "~cbuffer " << name <<" "<<(long)p<<" "<< buffer_size<<" "<<data_size << endl;
if (p)delete[]p;
data_size = 0;
buffer_size = 0;
p = null;
}
size_t capacity()const { return buffer_size; }
size_t size()const { return data_size; }
unsigned char const * data()const { return p; }
unsigned char* lockbuffer()
{
blockbuffer = true;
return p;
}
void releasebuffer() { blockbuffer = false; }
void setsize(long s)
{
reserve(s);
p[s] = '\0';
data_size = s;
}
bool reserve(size_t n)
{
if (n > buffer_size)
{
if (blockbuffer)
{
cout << "缓冲区已锁定" << endl;
throw "缓冲区已锁定";
}
//cout << name << " "<< "reserve " << (long)p << " " << buffer_size << " " << data_size << endl;
//cout << name<<"需要扩展 " << buffer_size << " -> " << n << endl;
unsigned char * p2 = new unsigned char[n + 1];
if (p2)
{
if (p)
{
memmove(p2, p, data_size);
delete[]p;
}
buffer_size = n;
p2[data_size] = '\0';
p = p2;
//cout << name<< "扩展成功 " << buffer_size << " -> " << n << endl;
return true;
}
else
{
//cout << name<<"扩展失败 " << buffer_size << " -> " << n << endl;
return false;
}
}
return true;
}
bool adddata(void const * data, long len)
{
if (!reserve(data_size + len))return false;
memmove(p + data_size, data, len);
setsize(data_size + len);
return true;
}
bool setdata(char const * sz)
{
setsize(0);
return adddata((void *)sz, strlen(sz));
}
bool setdata(unsigned char const* sz, long len)
{
return setdata((char const*)sz,len);
}
bool setdata(char const* sz, long len)
{
setsize(0);
return adddata((void *)sz, len);
}
bool compare(cbuffer const & tmp)const
{
if (data_size != tmp.data_size)return false;
if (data_size > 0)return 0 == memcmp(tmp.data(), data(), data_size);
else return true;
}
};
cbase64是base64编码,代码如下:
class cbase64
{
public:
static int base64enc(unsigned char *buf, unsigned char const *text,int size)
{
static unsigned char const * base64_encoding = (unsigned char const*)"abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz0123456789+/";
int buflen = 0;
while(size>0)
{
*buf++ = base64_encoding[ (text[0] >> 2 ) & 0x3f];
if(size>2)
{
*buf++ = base64_encoding[((text[0] & 3) << 4) | (text[1] >> 4)];
*buf++ = base64_encoding[((text[1] & 0xf) << 2) | (text[2] >> 6)];
*buf++ = base64_encoding[text[2] & 0x3f];
}
else
{
switch(size)
{
case 1:
*buf++ = base64_encoding[(text[0] & 3l) << 4l ];
*buf++ = '=';
*buf++ = '=';
break;
case 2:
*buf++ = base64_encoding[((text[0] & 3) << 4) | (text[1] >> 4)];
*buf++ = base64_encoding[((text[1] & 0x0f) << 2) | (text[2] >> 6)];
*buf++ = '=';
break;
}
}
text +=3;
size -=3;
buflen +=4;
}
*buf = 0;
return buflen;
}
//base64解码的实现
static unsigned char getbase64value(unsigned char ch)
{
if ((ch >= 'a') && (ch <= 'z'))
return ch - 'a';
if ((ch >= 'a') && (ch <= 'z'))
return ch - 'a' + 26;
if ((ch >= '0') && (ch <= '9'))
return ch - '0' + 52;
switch (ch)
{
case '+':
return 62;
case '/':
return 63;
case '=': /* base64 padding */
return 0;
default:
return 0;
}
}
//进行base64解码输入应该是4的倍数(根据mime标准)
//如果不是4倍数返回错误
//注意 如果是最后一个字符 那么长度不准备 可能会多1
//返回buf长度
static int base64dec(unsigned char *buf, unsigned char const *text,int size)
{
if(size%4)
return -1;
unsigned char chunk[4];
int parsenum=0;
while(size>0)
{
chunk[0] = getbase64value(text[0]);
chunk[1] = getbase64value(text[1]);
chunk[2] = getbase64value(text[2]);
chunk[3] = getbase64value(text[3]);
*buf++ = (chunk[0] << 2) | (chunk[1] >> 4);
*buf++ = (chunk[1] << 4) | (chunk[2] >> 2);
*buf++ = (chunk[2] << 6) | (chunk[3]);
text+=4;
size-=4;
parsenum+=3;
}
buf[parsenum]='\0';
return parsenum;
}
};
5 openssl的aes用法
5.1 设置key
加密解密的密钥存储为aes_key,需要通过aes_set_encrypt_key或aes_set_decrypt_key来设置:
static int aes_encrypt(unsigned char const* userpasswd, int userpasswd_len, vector<unsigned char> const& in_plain, vector<unsigned char>& out_ciphertext, iv& iv)
{
out_ciphertext.clear();
unsigned char userkey[32];//必须是16/24/32
memset((void*)userkey, '\0', 32);
memcpy(userkey, userpasswd, (userpasswd_len > 32 ? 32 : userpasswd_len));
/*设置加密key及密钥长度*/
aes_key key;
if (aes_set_encrypt_key(userkey, 32 * 8, &key) < 0)
{
return __line__;
}
。。。。。。注意加密和解密的函数是不一样的。
5.2 加密解密aes_encrypt/aes_decrypt
这两个函数非常简单,参数只有输入、输出、key,简单明了。
(这里是文档结束)
发表评论