openssl3.2 - exp - AES-256-GCM
文章目录
- openssl3.2 - exp - AES-256-GCM
- 概述
- AES-256-GCM加密入参
- AES-256-GCM加密出参
- AES-256-GCM解密入参
- AES-256-GCM解密出参
- 笔记
- END
openssl3.2 - exp - AES-256-GCM
概述
工程中要用到对称加密, 没得选, 要用AES256.
在openssl3.2中, AES256加解密的种类有好多种.
查了资料, 用AE-S256-GCM不错. 如果密文被修改, 就无法解密成功. 不用再另外传HASH给解密一方(让对方自己算是否密文被修改).
AES-256-GCM的明文可以为任意长度, 不需要进行填充对齐(padding).
AES-256-GCM加密入参
PT - 明文
KEY
IV
AAD - 认证数据(双方已经的确定数据), 我这里用的32字节, 等用到的时候, 再试试, 是否可以为不规则长度的数据, 是否有长度限制
AES-256-GCM加密出参
RC - 1为TRUE, 0为失败
CT - 密文
TAG - 16字节, 解密时要用
AES-256-GCM解密入参
CT - 密文
KEY
IV
AAD - 同加密时是一个东西
TAG - 加密出参返回的16个字节的TAG
AES-256-GCM解密出参
CT-PT 解密后的明文
如果密文被修改, 就不可能解密成功
笔记
/*!
* \file main.cpp
* \note openssl3.2 - exp - AES-256-GCM
* AES-256-GCM可以知道密文是否被修改, 而普通的AES-256直接无脑解密
*///! \note assert()只在debug版下生效
//! 如果是release版, 相当于没有assert()括号中的那些内容
//! 所以, 不要将逻辑代码放到断言中. 如果是要加断言, 也要判断逻辑代码执行完后的标记值.#include "my_openSSL_lib.h"
#include <openssl/crypto.h>
#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/core_names.h>#include <stdlib.h>
#include <stdio.h>
#include <assert.h>#include "CMemHookRec.h"void my_openssl_app();// ct means 密文输出
// pt means 明文
// add means 附加认证数据
bool enc_aes_256_gcm(OUT UCHAR* ct, OUT int& len_ct, UCHAR* pt, int len_pt, UCHAR* key, int len_key, UCHAR* iv, int len_iv, UCHAR* aad, int len_aad, OUT UCHAR* tag, IN int len_tag);
bool dec_aes_256_gcm(IN UCHAR* ct, IN int len_ct, OUT UCHAR* pt, OUT int& len_pt, UCHAR* key, int len_key, UCHAR* iv, int len_iv, UCHAR* aad, int len_aad, IN UCHAR* tag, IN int len_tag);int main(int argc, char** argv)
{setvbuf(stdout, NULL, _IONBF, 0); // 清掉stdout缓存, 防止调用printf时阻塞mem_hook();my_openssl_app();mem_unhook();return 0;
}char int2char(int i)
{char c_rc = '\0';i = i % 0x10;if ((i >= 0) && (i <= 9)){c_rc = '0' + i;}else if ((i >= 0x0A) && (i <= 0x0F)){c_rc = 'A' + (i - 0x0A);}else {assert(false);}return c_rc;
}// #define SIM_CT_MODIFY // 定义此宏, 模拟密文被修改后再解密的错误void my_openssl_app()
{ // 算法参数UCHAR gcm_key[32];size_t gcm_keylen = sizeof(gcm_key);UCHAR gcm_iv[32];size_t gcm_ivlen = sizeof(gcm_iv);// 附加认证数据(选择加解密双方都知道的确定数据就行)UCHAR gcm_aad[32];int gcm_addlen = sizeof(gcm_aad);int i_rc = 0;char gcm_pt[4 * 1024 - 3]; // GCM明文int i = 0;char gcm_ct[4 * 1024]; // CGM密文int len_ct = sizeof(gcm_ct);char gcm_ct_pt[4 * 1024]; // CGM密文解密后的明文int len_ct_pt = sizeof(gcm_ct_pt);// 加密时, 返回密文和TAG// 解密时, 要给加密返回的TAGUCHAR gcm_tag[16]; // 单步openssl实现, tag最多16个字节, 否则报错bool b_rc = false;do {// 准备GCM明文for (i = 0; i < sizeof(gcm_pt); i++){gcm_pt[i] = int2char(i);}// 准备gcm keyi_rc = RAND_bytes(gcm_key, sizeof(gcm_key));if (1 != i_rc){assert(false);break;}// 准备gcm ivi_rc = RAND_bytes(gcm_iv, sizeof(gcm_iv));if (1 != i_rc){assert(false);break;}// 初始化aad(实际应用中, 这个gcm_aad是双方都知道的确定数据)i_rc = RAND_bytes(gcm_aad, sizeof(gcm_aad));if (1 != i_rc){assert(false);break;}// 加解密时的入参(key, iv, aad)都是一样的// 加密后, 会返回密文和TAG, tag最多16个字节, tag解密时要用if (!enc_aes_256_gcm((UCHAR*)gcm_ct, len_ct, (UCHAR*)gcm_pt, sizeof(gcm_pt), gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv), gcm_aad, sizeof(gcm_aad), gcm_tag, sizeof(gcm_tag))){assert(false);break;}// 解密时, 要给出密文和tag, 返回解密后的明文if (!dec_aes_256_gcm((UCHAR*)gcm_ct, len_ct, (UCHAR*)gcm_ct_pt, len_ct_pt, gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv), gcm_aad, sizeof(gcm_aad), gcm_tag, sizeof(gcm_tag))){assert(false);break;}// 比较原始明文和解密后的明文是否一致if (len_ct_pt != sizeof(gcm_pt)){assert(false);break;}i_rc = memcmp(gcm_pt, gcm_ct_pt, sizeof(gcm_pt));if (0 != i_rc){assert(false);break;}#ifdef SIM_CT_MODIFY// 模拟密文被修改的情况, 这时用普通的AES256解密是验证不出来密文是否被修改(都是buffer), 而AES-256-GCM可以// 解密时, 要给出密文和tag, 返回解密后的明文gcm_ct[0] = gcm_ct[0] + 1;// 在dec_aes_256_gcm()中的 EVP_DecryptFinal_ex()处, 就执行失败if (!dec_aes_256_gcm((UCHAR*)gcm_ct, len_ct, (UCHAR*)gcm_ct_pt, len_ct_pt, gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv), gcm_aad, sizeof(gcm_aad), gcm_tag, sizeof(gcm_tag))){assert(false);break;}// 比较原始明文和解密后的明文是否一致if (len_ct_pt != sizeof(gcm_pt)){assert(false);break;}i_rc = memcmp(gcm_pt, gcm_ct_pt, sizeof(gcm_pt));if (0 != i_rc){assert(false);break;}
#endif // #ifdef SIM_CT_MODIFYb_rc = true;} while (false);assert(true == b_rc);
}bool enc_aes_256_gcm(OUT UCHAR* ct, OUT int& len_ct, UCHAR* pt, int len_pt, UCHAR* key, int len_key, UCHAR* iv, int len_iv, UCHAR* aad, int len_aad, OUT UCHAR* tag, IN int len_tag)
{// openssl库上下文和属性OSSL_LIB_CTX* libctx = NULL;const char* propq = NULL;// 算法上下文和算法指针EVP_CIPHER_CTX* ctx = NULL;EVP_CIPHER* cipher = NULL;OSSL_PARAM gcm_params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };size_t gcm_ivlen = 0;bool b_rc = false;int i_rc = 0;int tmplen = 0;do {if ((NULL == ct) || (len_ct <= 0) || (NULL == pt) || (len_pt <= 0) || (len_ct < len_pt)){assert(false);break;}if ((NULL == key) || (len_key <= 0) || (NULL == iv) || (len_iv <= 0)){assert(false);break;}ctx = EVP_CIPHER_CTX_new();assert(NULL != ctx);if (NULL == ctx){break;}cipher = EVP_CIPHER_fetch(libctx, "AES-256-GCM", propq);assert(NULL != cipher);if (NULL == cipher){break;}gcm_ivlen = len_iv;gcm_params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, &gcm_ivlen);i_rc = EVP_EncryptInit_ex2(ctx, cipher, key, iv, gcm_params);assert(1 == i_rc);if (1 != i_rc){break;}// set aad to ctxtmplen = 0;i_rc = EVP_EncryptUpdate(ctx, NULL, &tmplen, aad, len_aad);assert(1 == i_rc);if (1 != i_rc){break;}assert(tmplen == len_aad);if (tmplen != len_aad){break;}assert(len_pt <= len_ct);if (len_pt > len_ct){break;}i_rc = EVP_EncryptUpdate(ctx, ct, &len_ct, pt, len_pt);assert(1 == i_rc);if (1 != i_rc){break;}assert(len_ct == len_pt);if (len_ct != len_pt){break;}// get no output's enc texti_rc = EVP_EncryptFinal_ex(ctx, ct + len_ct, &tmplen);assert(1 == i_rc);if (tmplen > 0){len_ct += tmplen;}/* Get tag */// aes-256-gcm加密完, 除了输出密文, 还输出tag.// 输出的密文和tag给解密用gcm_params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, tag, len_tag);i_rc = EVP_CIPHER_CTX_get_params(ctx, gcm_params);assert(1 == i_rc);if (1 != i_rc){break;}b_rc = true;} while (false);if (NULL != cipher){EVP_CIPHER_free(cipher);}if (NULL != ctx){EVP_CIPHER_CTX_free(ctx);}return b_rc;
}bool dec_aes_256_gcm(IN UCHAR* ct, IN int len_ct, OUT UCHAR* pt, OUT int& len_pt, UCHAR* key, int len_key, UCHAR* iv, int len_iv, UCHAR* aad, int len_aad, IN UCHAR* tag, IN int len_tag)
{// openssl库上下文和属性OSSL_LIB_CTX* libctx = NULL;const char* propq = NULL;// 算法上下文和算法指针EVP_CIPHER_CTX* ctx = NULL;EVP_CIPHER* cipher = NULL;OSSL_PARAM gcm_params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };size_t gcm_ivlen = 0;bool b_rc = false;int i_rc = 0;int tmplen = 0;do {if ((NULL == ct) || (len_ct <= 0) || (NULL == pt) || (len_pt <= 0) || (len_ct > len_pt)){assert(false);break;}if ((NULL == key) || (len_key <= 0) || (NULL == iv) || (len_iv <= 0)){assert(false);break;}ctx = EVP_CIPHER_CTX_new();if (NULL == ctx){assert(false);break;}cipher = EVP_CIPHER_fetch(libctx, "AES-256-GCM", propq);if (NULL == cipher){assert(false);break;}gcm_ivlen = len_iv;gcm_params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, &gcm_ivlen);i_rc = EVP_DecryptInit_ex2(ctx, cipher, key, iv, gcm_params);if (1 != i_rc){assert(false);break;}// set aad to ctxtmplen = 0;i_rc = EVP_DecryptUpdate(ctx, NULL, &tmplen, aad, len_aad);if ((1 != i_rc) || (tmplen != len_aad)){assert(false);break;}i_rc = EVP_DecryptUpdate(ctx, pt, &len_pt, ct, len_ct);if (1 != i_rc){assert(false);break;}/* Set expected tag value. */gcm_params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, (void*)tag, len_tag);i_rc = EVP_CIPHER_CTX_set_params(ctx, gcm_params);if (1 != i_rc){assert(false);break;}/* Finalise: note get no output for GCM */i_rc = EVP_DecryptFinal_ex(ctx, pt + len_pt, &tmplen);if (1 != i_rc){// 如果密文被修改, 到这里就有断言assert(false);break;}if (tmplen > 0){len_pt += tmplen;}b_rc = true;} while (false);if (NULL != cipher){EVP_CIPHER_free(cipher);}if (NULL != ctx){EVP_CIPHER_CTX_free(ctx);}return b_rc;
}