常用的openssl函数
base64解编码
- 依次调用EVP_DecodeInit(), EVP_DecodeUpdate(), EVP_DecodeFinal(),与md5和sha1类似,适用于数据量特别大时,分段解码,通过多次调用EVP_DecodeUpdate()实现。
- 调用int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);这两个函数都是一次性使用的,注意下返回值是解码后的结果长度,因此返回值大于等于0时,解编码成功。
bool base64Decode(const string& strSrc, string& strDest)
{
char* szBuffer = new char[strSrc.length()];
if (EVP_DecodeBlock((unsigned char*)szBuffer, (const unsigned char*)strSrc.c_str(), strSrc.length()) <= 0)
{
return false;
}
strDest = szBuffer;
delete[] szBuffer;
szBuffer = NULL;
}
AES加解密
AES加解密最关键的函数:
加密
int AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key);
将密钥初始化成AES_KEY结构,注意第二个参数是bit数,而不是字节数。
void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key, const int enc);
//sKey是经过base64编码过的key,如果key没有经过base64
int AesEncryptEcb(const string &sKey, const string &sSrc, string &sDst)
{
int nRet;
//base64解码
string sAesKey;
if ((nRet = DecodeBase64(sKey, sAesKey)) != CK_OK)
return nRet;
const unsigned int uKeySize = static_cast<unsigned int>(sAesKey.size());
if (uKeySize != 16 && uKeySize != 24 && uKeySize != 32) //必须是 128/192/256 bits
return CK_AESKYE_Invalid;
//初始化key
AES_KEY key;
AES_set_encrypt_key(reinterpret_cast<const unsigned char*>(sAesKey.data()),
static_cast<int>(8 * uKeySize),
&key);
//追加padding, PKCS7方式
size_t padding = uKeySize - sSrc.size() % uKeySize;
string sCopy(sSrc);
sCopy.append(padding, static_cast<char>(padding));
//分组加密
std::vector<unsigned char> sRst(sCopy.size());
for (size_t i = 0; i < sCopy.size(); i += AES_BLOCK_SIZE)
{
AES_ecb_encrypt(reinterpret_cast<const unsigned char *>(sCopy.data() + i), &sRst[i], &key, AES_ENCRYPT);
}
sDst.assign(sRst.begin(), sRst.end());
return CK_OK;
}
//------------------------------------------------------------------------------
int AesDecryptEcb(const string &sKey, const string &sSrc, string &sDst)
{
int nRet;
//base64解码
string sAesKey;
if ((nRet = DecodeBase64(sKey, sAesKey)) != CK_OK)
return nRet;
const unsigned int uKeySize = static_cast<unsigned int>(sAesKey.size());
if (uKeySize != 16 && uKeySize != 24 && uKeySize != 32) //必须是 128/192/256 bits
return CK_AESKYE_Invalid;
//初始化key
AES_KEY key;
AES_set_decrypt_key(reinterpret_cast<const unsigned char*>(sAesKey.data()),
static_cast<int>(8 * uKeySize),
&key);
//解密
std::vector<unsigned char> sRst(sSrc.size());
for (size_t i = 0; i < sSrc.size(); i += AES_BLOCK_SIZE)
{
AES_ecb_encrypt(reinterpret_cast<const unsigned char *>(sSrc.data() + i), &sRst[i], &key, AES_DECRYPT);
}
//去掉padding
const size_t pads = sRst[sRst.size() - 1];
if (pads > 0 && pads <= uKeySize && ((sRst.size() - pads) > 0))
{
sDst.assign(sRst.begin(), sRst.end() - pads);
return CK_OK;
}
return CK_AESData_Invalid;
}