调用openssl实现加解密算法
由于工作中涉及到加解密,包括Hash(SHA256)算法、HMAC_SHA256 算法、ECDH算法、ECC签名算法、AES/CBC 128算法一共涉及5类算法,笔者通过查询发现openssl库以上算法都支持,索性借助openssl库实现上述5类算法。笔者用的openssl库版本为 OpenSSL 1.1.1k 。
Hash(SHA256)算法
算法代码如下:
#include <openssl/sha.h>
#include <iostream>
#include <iomanip>
#include <sstream>
#include <vector>
// 将字节数组转换为十六进制字符串
// 将字节数组转换为十六进制字符串
std::string bytesToHex(const unsigned char* bytes, size_t length) {
std::stringstream ss;
ss << std::hex << std::setfill('0');
for (size_t i = 0; i < length; ++i) {
ss << std::setw(2) << (int)bytes[i];
}
return ss.str();
}
int main() {
// 原数据
const std::string data = "6572B36A91E28FB900134C3010C445437DC04D04";
// 创建一个SHA256上下文
SHA256_CTX sha256;
SHA256_Init(&sha256);
// 更新上下文以包含要哈希的数据
SHA256_Update(&sha256, data.c_str(), data.size());
// 计算哈希值
unsigned char hash[SHA256_DIGEST_LENGTH];
SHA256_Final(hash, &sha256);
// 将哈希值转换为十六进制字符串并输出
std::string hashHex = bytesToHex(hash, SHA256_DIGEST_LENGTH);
std::cout << "SHA256 hash: " << hashHex << std::endl;
return 0;
}
运行结果如下:
HMAC_SHA256 算法
算法代码如下:
#include <openssl/hmac.h>
#include <iostream>
#include <iomanip>
#include <sstream>
#include <cstring>
// 将字节数组转换为十六进制字符串
std::string bytesToHex(const unsigned char* bytes, size_t length) {
std::stringstream ss;
ss << std::hex << std::setfill('0');
for (size_t i = 0; i < length; ++i) {
ss << std::setw(2) << (int)bytes[i];
}
return ss.str();
}
int main() {
// 要进行HMAC的数据
const std::string data = "374D34303534424E39323330351000FFFFFFFFFF";
// HMAC的密钥
const std::string key = "c0df3585876ac6bb02bf6347b3654993";
// 输出缓冲区
unsigned char* hmacResult = new unsigned char[EVP_MAX_MD_SIZE];
unsigned int hmacLen = 0;
// 使用HMAC_SHA256进行计算
HMAC_CTX* hmacCtx = HMAC_CTX_new();
HMAC_Init_ex(hmacCtx, key.data(), key.size(), EVP_sha256(), NULL);
HMAC_Update(hmacCtx, (unsigned char*)data.data(), data.size());
HMAC_Final(hmacCtx, hmacResult, &hmacLen);
// 将HMAC结果转换为十六进制字符串并输出
std::string hmacHex = bytesToHex(hmacResult, hmacLen);
std::cout << "HMAC_SHA256: " << hmacHex << std::endl;
// 清理资源
HMAC_CTX_free(hmacCtx);
delete[] hmacResult;
return 0;
}
执行结果如下:
ECDH算法
这个算法没有找到网页端的在线工具验证,但是笔者根据我们这次给的案例验证如下:
笔者感觉上述给的最终生成的会话秘钥应该有问题,生成的会话秘钥应该是256bit。
算法代码如下:
#include <openssl/ec.h>
#include <openssl/bn.h>
#include <openssl/pem.h>
#include <iostream>
#include <iomanip>
#include <sstream>
using namespace std;
// 辅助函数,用于将十六进制字符串转换为 BIGNUM
BIGNUM* hex_to_BN(const std::string& hex) {
BIGNUM* bn = BN_new();
if (!BN_hex2bn(&bn, hex.c_str())) {
BN_free(bn);
throw std::runtime_error("Failed to convert hex to BIGNUM");
}
return bn;
}
// 辅助函数,用于打印会话密钥
void print_session_key(const unsigned char* key, size_t key_len) {
std::stringstream ss;
ss << "Session Key: ";
for (size_t i = 0; i < key_len; ++i) {
ss << std::hex << std::setw(2) << std::setfill('0') << (int)key[i];
}
std::cout << ss.str() << std::endl;
}
int main() {
// 私钥十六进制串
std::string privateKeyHex = "5904507894591f4b39308a51d5e2e25566a66366b1d6d952fba17de3af19235f";
// 对端公钥十六进制串
std::string publicKeyHex = "04fef2f1a2a0df9f75cda6e36268b7f62749cae378b7a5b9f311add58beaeadf3e49e41ac2acede766a21feaf354119f70ec3587f1054a1286ba08a1d866ef40ed";
// 创建 EC_KEY 对象,使用 secp256r1 曲线
EC_KEY* eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
if (!eckey) {
std::cerr << "Error creating EC key with secp256r1 curve" << std::endl;
return 1;
}
// 设置私钥
BIGNUM* privateKeyBN = hex_to_BN(privateKeyHex);
if (!EC_KEY_set_private_key(eckey, privateKeyBN)) {
std::cerr << "Error setting private key" << std::endl;
BN_free(privateKeyBN);
EC_KEY_free(eckey);
return 1;
}
BN_free(privateKeyBN); // EC_KEY_set_private_key 会复制 BN,所以可以安全释放
// 解析对端公钥
const EC_GROUP* group = EC_KEY_get0_group(eckey);
EC_POINT* pubKeyPoint = EC_POINT_new(group);
if (!EC_POINT_hex2point(group, publicKeyHex.c_str(), pubKeyPoint, NULL)) {
std::cerr << "Error parsing public key" << std::endl;
EC_POINT_free(pubKeyPoint);
EC_KEY_free(eckey);
return 1;
}
// 执行 ECDH 密钥交换
unsigned char* session_key1 = (unsigned char*)OPENSSL_malloc(32);
if (session_key1 == NULL) {
std::cerr << "Error allocating memory for session keys" << std::endl;
OPENSSL_free(session_key1);
EC_KEY_free(eckey);
return 1;
}
int ret = ECDH_compute_key(session_key1, 32, pubKeyPoint, eckey, NULL);
if (ret < 0) {
std::cerr << "Error computing shared secret" << std::endl;
OPENSSL_free(session_key1);
EC_POINT_free(pubKeyPoint);
EC_KEY_free(eckey);
return 1;
}
// 将共享密钥转换为十六进制字符串并打印
print_session_key(session_key1, 32);
// 清理资源
OPENSSL_free(session_key1);
EC_POINT_free(pubKeyPoint);
EC_KEY_free(eckey);
return 0;
}
执行结果为:
ECC签名算法
算法代码如下:
#include <openssl/ec.h>
#include <openssl/ecdsa.h>
#include <openssl/obj_mac.h>
#include <openssl/sha.h>
#include <openssl/evp.h>
#include <openssl/bn.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include <iostream>
#include <vector>
#include <cstring>
// 将十六进制字符串转换为字节数组
std::vector<unsigned char> hex2bytes(const std::string& hex) {
std::vector<unsigned char> bytes;
for (size_t i = 0; i < hex.length(); i += 2) {
std::string byteString = hex.substr(i, 2);
unsigned char byte = (unsigned char) strtol(byteString.c_str(), nullptr, 16);
bytes.push_back(byte);
}
return bytes;
}
// 验证ECDSA签名
bool verify_ecdsa_signature(const std::string& public_key_hex, const std::string& data_hex, const std::string& signature_hex) {
// 将十六进制字符串转换为字节数组
std::vector<unsigned char> public_key_bytes = hex2bytes(public_key_hex);
std::vector<unsigned char> data_bytes = hex2bytes(data_hex);
std::vector<unsigned char> signature_bytes = hex2bytes(signature_hex);
// 创建EC_KEY对象
EC_KEY* ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
if (!ec_key) {
std::cerr << "Failed to create EC_KEY" << std::endl;
return false;
}
// 从字节数组中解析公钥
const unsigned char* p = public_key_bytes.data();
ec_key = o2i_ECPublicKey(&ec_key, &p, public_key_bytes.size());
if (!ec_key) {
std::cerr << "Failed to parse public key" << std::endl;
EC_KEY_free(ec_key);
return false;
}
// 计算数据的哈希值(假设使用SHA-256)
unsigned char hash[SHA256_DIGEST_LENGTH];
SHA256_CTX sha256;
SHA256_Init(&sha256);
SHA256_Update(&sha256, data_bytes.data(), data_bytes.size());
SHA256_Final(hash, &sha256);
// 验证签名
ECDSA_SIG* ec_sig = ECDSA_SIG_new();
const unsigned char* sig = signature_bytes.data();
ec_sig = d2i_ECDSA_SIG(&ec_sig, &sig, signature_bytes.size());
if (!ec_sig) {
std::cerr << "Failed to parse signature" << std::endl;
EC_KEY_free(ec_key);
return false;
}
int verify_result = ECDSA_do_verify(hash, SHA256_DIGEST_LENGTH, ec_sig, ec_key);
if (verify_result != 1) {
std::cerr << "Signature verification failed" << std::endl;
ECDSA_SIG_free(ec_sig);
EC_KEY_free(ec_key);
return false;
}
// 释放资源
ECDSA_SIG_free(ec_sig);
EC_KEY_free(ec_key);
return true;
}
int main() {
// 公钥、数据和签名的十六进制字符串
std::string public_key_hex = "0467BF4978CB114972AE0AF84E22FD4099D1FF045F88830C41D9AC5CC4B4EBA17F8D1AB65884368BD47E1EF8A28A33EEE92BB6409AFB5217E0F120866B85913E0B";
std::string data_hex = "03";
std::string signature_hex = "3044022023FAE603D8A64BF004DCC56BCFD904F2E2E4AFCBD9DDF1F2C6F4EE1A4D7A1F3C0220708D8D63FBCD6BCA61B8827280F628074759C77104952307DD9C407F5B0B2C2D";
// 验证签名
bool is_valid = verify_ecdsa_signature(public_key_hex, data_hex, signature_hex);
if (is_valid) {
std::cout << "Signature is valid" << std::endl;
} else {
std::cout << "Signature is invalid" << std::endl;
}
return 0;
}执行结果如下:
AES/CBC128算法
算法代码如下:
#include <openssl/aes.h>
#include <iostream>
#include <cstring>
// 假设你的数据长度总是16字节的倍数
void aes_cbc_128_encrypt_nopadding(const unsigned char* key, unsigned char* iv,
const unsigned char* input, unsigned char* output, size_t length) {
AES_KEY aesKey;
AES_set_encrypt_key(key, 256, &aesKey); // 设置256位AES加密密钥
// 由于我们假设输入数据长度是16字节的倍数,我们可以直接加密
for (size_t i = 0; i < length; i += AES_BLOCK_SIZE) {
AES_cbc_encrypt(input + i, output + i, AES_BLOCK_SIZE, &aesKey, iv, AES_ENCRYPT);
// 更新IV,对于CBC模式,每个块的IV是上一个块的密文
std::memcpy(iv, output + i, AES_BLOCK_SIZE);
}
}
// 解密函数,使用256位AES密钥和CBC模式
void aes_cbc_128_decrypt_nopadding(const unsigned char* key, const unsigned char* iv,
const unsigned char* input, unsigned char* output, size_t length) {
AES_KEY aesKey;
AES_set_decrypt_key(key, 256, &aesKey);
// 在CBC模式下,解密时需要一个临时的IV,因为它会在解密过程中被更新
unsigned char temp_iv[AES_BLOCK_SIZE];
std::memcpy(temp_iv, iv, AES_BLOCK_SIZE);
for (size_t i = 0; i < length; i += AES_BLOCK_SIZE) {
AES_cbc_encrypt(input + i, output + i, AES_BLOCK_SIZE, &aesKey, temp_iv, AES_DECRYPT);
// 更新临时IV为下一个块的密文(实际上是上一个块的明文)
std::memcpy(temp_iv, input + i, AES_BLOCK_SIZE);
}
}
// 将十六进制字符串转换为字节数组
std::string hex2str(const std::string& hex) {
std::string retStr;
for (size_t i = 0; i < hex.length(); i += 2) {
std::string byteString = hex.substr(i, 2);
unsigned char byte = (unsigned char) strtol(byteString.c_str(), nullptr, 16);
retStr += byte;
}
return retStr;
}
int main() {
// 256位(32字节)的AES密钥
const std::string keyhex = "c5ba9981452fa728a10794730919aaa747ca54df2f21fab685bbd0fdb53f05fb";
const std::string keystr = hex2str(keyhex);
// 初始化向量(IV),需要与密钥长度相同,即16字节
unsigned char iv[AES_BLOCK_SIZE] = {0x00};
// 要加密的数据(确保长度是16字节的倍数)
const std::string plaintexthex = "313131313131313131313131313131313232323232323232323232323232323230450221009F9B7BC16546FDFA85866AFE2761FAF6C1B018C99E6B7C6339FF47BA126E01990220558339565F469C3AD4EBA77AEE5C22C7C464449D6395FBC1158F1B589569336980000000000000000000000000000000000000000000000000";
const std::string plaintext = hex2str(plaintexthex); // 正好是16字节
unsigned char input[plaintext.size()], key[2 * AES_BLOCK_SIZE];
std::copy(plaintext.begin(), plaintext.end(), input);
std::copy(keystr.begin(), keystr.end(), key);
// 输出缓冲区
unsigned char output[plaintext.size()];
unsigned char in2put[plaintext.size()];
// 调用加密函数
aes_cbc_128_encrypt_nopadding(key, iv, input, output, plaintext.size());
// 输出加密后的数据(以十六进制形式)
std::cout << "加密数据 :";
for (size_t i = 0; i < plaintext.size(); ++i) {
printf("%02x", output[i]);
}
std::cout << std::endl;
memset(iv, 0, AES_BLOCK_SIZE);
// 调用解密函数
aes_cbc_128_decrypt_nopadding(key, iv, output, in2put, plaintext.size());
// 输出加密后的数据(以十六进制形式)
std::cout << "解密数据 :";
for (size_t i = 0; i < plaintext.size(); ++i) {
printf("%02x", in2put[i]);
}
std::cout << std::endl;
return 0;
}
执行结果如下:
