|
OpenSSL VPN Serveurs de messagerie |
OpenSSL/AES-CBC-EVPOpenSSL.AES-CBC-EVP HistoryHide minor edits - Show changes to output Changed lines 1-2 from:
(:keywords openssl, aes, cipher:) (:description to:
(:keywords openssl, aes, cipher,AES_cbc_encrypt,EVP_Encrypt :) (:description These samples show how to use AES_cbc_encrypt and EVP_Encrypt API :) Changed lines 2-3 from:
(:description to:
(:description II► Arnaud Grandville Consulting, Lille, conseils et intégration de solutions informatiques :) Added lines 1-3:
(:keywords openssl, aes, cipher:) (:description »»» Arnaud Grandville Consulting, Lille, conseils et intégration de solutions informatiques :) Changed lines 29-30 from:
to:
#define BIG_TEST_SIZE 10240 Changed lines 59-60 from:
to:
Changed line 3 from:
Deux to:
Deux API de chiffrement AES:\\ Changed lines 5-6 from:
- EVP_Encrypt to:
- EVP_Encrypt\\ Cette dernière API intégre deux fonctions intéressantes :\\ - Fournir la taille de la chaine d'origine surtout utile lorsque le cryptage utilise un padding\\ - Valide que la clef de décryptage est celle attendue.\\ Changed lines 159-160 from:
to:
outlen2+=tmplen; hexdump(stdout, "checktext", outbuf2, outlen2); EVP_CIPHER_CTX_cleanup(&x); Added lines 1-154:
'+Chiffrement AES+' Deux méthodes de chiffrement AES:\\ - AES_cbc_encrypt\\ - EVP_Encrypt \\ \\ '+Méthode avec AES_cbc_encrypt+' (:source lang=C :) #include <openssl/aes.h> #include <openssl/evp.h> #include <stdio.h> #include <openssl/sha.h> #include <openssl/rand.h> #include <Windows.h> #include <assert.h> #include <openssl/err.h> static void hexdump(FILE *f,const char *title,const unsigned char *s,int l) { int n=0; fprintf(f,"%s",title); for( ; n < l ; ++n) { if((n%16) == 0) fprintf(f,"\n%04x",n); fprintf(f," %02x",s[n]); } fprintf(f,"\n"); } int main(int argc, char* argv[]) { const KEYSIZE=AES_BLOCK_SIZE; char rkey[KEYSIZE+1]; char rkey2[KEYSIZE+1]; AES_KEY key; AES_KEY key2; char plaintext[BIG_TEST_SIZE]; char ciphertext[BIG_TEST_SIZE]; char checktext[BIG_TEST_SIZE]; char iv[AES_BLOCK_SIZE*4]; char saved_iv[AES_BLOCK_SIZE*4]; int err = 0; int n; unsigned matches; RAND_pseudo_bytes((unsigned char*)rkey, sizeof rkey); strcpy(iv,"0123456789012345"); memcpy(saved_iv, iv, sizeof saved_iv); strcpy((char*)plaintext,"string to make the random number generator think it has entropy"); // Straight encrypt AES_set_encrypt_key((unsigned char*)rkey, 8*KEYSIZE, &key); hexdump(stdout, "plaintext", (unsigned char*)plaintext, strlen(plaintext)); AES_cbc_encrypt((unsigned char*)plaintext, (unsigned char*)ciphertext, strlen(plaintext), &key, (unsigned char*)iv,AES_ENCRYPT); hexdump(stdout, "ciphertext", (unsigned char*)ciphertext, strlen(plaintext)); // Straight decrypt AES_set_decrypt_key((unsigned char*)rkey, 8*KEYSIZE, &key); memcpy(iv, saved_iv, sizeof iv); AES_cbc_encrypt((unsigned char*)ciphertext, (unsigned char*)checktext, strlen(plaintext), &key, (unsigned char*)iv,AES_DECRYPT); hexdump(stdout, "checktext", (unsigned char*)checktext, strlen(plaintext)); return 0; } (:sourcend:) '+Méthode avec EVP+' (:source lang=C :) #include <openssl/aes.h> #include <openssl/evp.h> #include <stdio.h> #include <openssl/sha.h> #include <openssl/rand.h> #include <Windows.h> #include <assert.h> #include <openssl/err.h> static void hexdump(FILE *f,const char *title,const unsigned char *s,int l) { int n=0; fprintf(f,"%s",title); for( ; n < l ; ++n) { if((n%16) == 0) fprintf(f,"\n%04x",n); fprintf(f," %02x",s[n]); } fprintf(f,"\n"); } int main(int argc, char* argv[]) { unsigned char outbuf2[1024]; unsigned char outbuf[1024]; int outlen, outlen2, tmplen; unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}; unsigned char iv[] = {1,2,3,4,5,6,7,8}; char intext[] = "string to make the random number generator think it has entropy"; hexdump(stdout, "plaintext", (unsigned char*)intext, strlen(intext)); // Straight encrypt EVP_CIPHER_CTX x; EVP_CIPHER_CTX_init(&x); if(!EVP_EncryptInit_ex(&x, EVP_aes_128_cbc(), NULL, key, iv)) printf("\n ERROR!! \n"); if(!EVP_EncryptUpdate(&x, outbuf, &outlen,(const unsigned char*) intext, strlen(intext))) printf("\n ERROR!! \n"); if(!EVP_EncryptFinal_ex(&x,outbuf+outlen,&tmplen)) printf("\n ERROR!! \n"); outlen+=tmplen; hexdump(stdout, "ciphertext", outbuf, outlen); EVP_CIPHER_CTX_cleanup(&x); // Straight decrypt tmplen=0; outlen2=0; EVP_CIPHER_CTX_init(&x); EVP_DecryptInit_ex(&x, EVP_aes_128_cbc(), NULL, key, iv); if(!EVP_DecryptUpdate(&x, outbuf2, &outlen2,(const unsigned char*) outbuf, outlen)) printf("\n ERROR!! \n"); if(!EVP_DecryptFinal_ex(&x, outbuf2 + outlen2, &tmplen)){ unsigned long error, reason,err; char buf[128]; error = ERR_peek_error(); reason = ERR_GET_REASON(error); //EVP_R_BAD_DECRYPT ERR_error_string_n(reason,buf,128); printf("%s",buf); } hexdump(stdout, "checktext", outbuf2, outlen2+tmplen); } (:sourcend:) |