AES CTR 256加密OpenSSL上的操作模式

Question

我是OpenSSL的新手,任何人都可以给我一个如何从C文件初始化AES CTR模式的提示.我知道这是方法的签名但是我遇到了参数问题,没有很多文档也没有明确的例子如何进行简单的加密.如果有人可以举例说明这种方法,我将不胜感激.提前致谢!

void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
    const unsigned long length, const AES_KEY *key,
    unsigned char ivec[AES_BLOCK_SIZE],
    unsigned char ecount_buf[AES_BLOCK_SIZE],
    unsigned int *num);

Hi Caf我非常感谢你的快速回答它真的很有用,并且是我在网上找到的最好的例子.我试图打开与未定长度的文件进行加密和写入与生成密文的另一个文件,然后打开加密的文件,并恢复明文.我需要使用相当数量MB的文件,因为我想对CPU的性能进行基准测试.但是我在解密时仍然遇到问题.不知何故,当解密一个相当大的txt文件(1504KB)时,它不会解密它完成,我得到一半的明文,另一半仍然加密.我认为这可能与iv的大小或我打电话给柜台的方式有关.这是我到目前为止:

#include <openssl/aes.h>
#include <stdio.h>
#include <string.h>

struct ctr_state { 
    unsigned char ivec[16];   
    unsigned int num; 
    unsigned char ecount[16]; 
}; 

FILE *fp;
FILE *rp;
FILE *op;
size_t count;   
char * buffer; 
AES_KEY key; 

int bytes_read, bytes_written;   
unsigned char indata[AES_BLOCK_SIZE]; 
unsigned char outdata[AES_BLOCK_SIZE];  
unsigned char ckey[] =  "thiskeyisverybad"; // It is 128bits though..
unsigned char iv[8] = {0};//This should be generated by RAND_Bytes I will take into    consideration your previous post
struct ctr_state state;   

int init_ctr(struct ctr_state *state, const unsigned char iv[8]){     
    state->num = 0; 
    memset(state->ecount, 0, 16);      
    memset(state->ivec + 8, 0, 8);  
    memcpy(state->ivec, iv, 8); 
} 

void encrypt(){ 
  //Opening files where text plain text is read and ciphertext stored      
  fp=fopen("input.txt","a+b");
  op=fopen("output.txt","w");
  if (fp==NULL) {fputs ("File error",stderr); exit (1);}   
  if (op==NULL) {fputs ("File error",stderr); exit (1);}      

  //Initializing the encryption KEY
  AES_set_encrypt_key(ckey, 128, &key); 

  //Encrypting Blocks of 16 bytes and writing the output.txt with ciphertext  
 while (1) {     
    init_ctr(&state, iv); //Counter call
    bytes_read = fread(indata, 1, AES_BLOCK_SIZE, fp); 
    AES_ctr128_encrypt(indata, outdata, bytes_read, &key, state.ivec, state.ecount, &state.num);    
    bytes_written = fwrite(outdata, 1, bytes_read, op); 
    if (bytes_read < AES_BLOCK_SIZE) 
    break; 
  }   

  fclose (fp); 
  fclose (op);
  free (buffer); 
}

void decrypt(){
  //Opening files where text cipher text is read and the plaintext recovered         
  rp=fopen("recovered.txt","w");
  op=fopen("output.txt","a+b");
  if (rp==NULL) {fputs ("File error",stderr); exit (1);}   
  if (op==NULL) {fputs ("File error",stderr); exit (1);} 

  //Initializing the encryption KEY
  AES_set_encrypt_key(ckey, 128, &key); 

  //Encrypting Blocks of 16 bytes and writing the output.txt with ciphertext   
  while (1) {     
    init_ctr(&state, iv);//Counter call
    bytes_read = fread(indata, 1, AES_BLOCK_SIZE, op);  
    AES_ctr128_encrypt(indata, outdata, bytes_read, &key, state.ivec, state.ecount, &state.num); 
    bytes_written = fwrite(outdata, 1, bytes_read, rp); 
    if (bytes_read < AES_BLOCK_SIZE) 
    break; 
    }   
  fclose (rp); 
  fclose (op);
  free (buffer); 
}

int main(int argc, char *argv[]){  
  encrypt();  
  //decrypt(); 
  system("PAUSE");  
  return 0;
}

每个加密和解密函数都在不同的运行中调用,因此所有内容都始终使用相同的值进行初始化.再次感谢您提前提供给我的提示和问候!

Answer 1

通常,您打算AES_ctr128_encrypt()重复调用以使用相同的密钥和IV以及递增计数器发送多条消息.这意味着你需要跟踪调用之间的'ivec','num'和'ecount'值 - 所以创建一个struct来保存它们,以及一个初始化函数:

struct ctr_state {
    unsigned char ivec[16];  /* ivec[0..7] is the IV, ivec[8..15] is the big-endian counter */
    unsigned int num;
    unsigned char ecount[16];
};

int init_ctr(struct ctr_state *state, const unsigned char iv[8])
{
    /* aes_ctr128_encrypt requires 'num' and 'ecount' set to zero on the
     * first call. */
    state->num = 0;
    memset(state->ecount, 0, 16);

    /* Initialise counter in 'ivec' to 0 */
    memset(state->ivec + 8, 0, 8);

    /* Copy IV into 'ivec' */
    memcpy(state->ivec, iv, 8);
}

现在,当您开始与目标进行通信时,您需要生成要使用的IV并初始化计数器:

unsigned char iv[8];
struct ctr_state state;

if (!RAND_bytes(iv, 8))
    /* Handle the error */;

init_ctr(&state, iv);

然后,您需要将8字节IV发送到目标.您还需要AES_KEY从原始密钥字节初始化:

AES_KEY aes_key;

if (!AES_set_encrypt_key(key, 128, &aes_key))
    /* Handle the error */;

您现在可以开始加密数据并将其发送到目的地,重复调用AES_ctr128_encrypt()如下:

if (!AES_ctr128_encrypt(msg_in, msg_out, msg_len, &aes_key, state->ivec, state->ecount, &state->num))
    /* Handle the error */;

(msg_in是指向包含明文消息msg_out的缓冲区的指针,是指向加密消息应该到达的缓冲区的指针,并且msg_len是消息长度).

解密是完全相同的,除了你没有生成IV RAND_bytes()- 相反,你取得另一方给你的值.

重要:

1. 难道不叫init_ctr()在加密过程中不止一次.计数器和IV必须在加密开始之前初始化一次.

2. 在任何情况下都不要试图RAND_bytes()在加密端以外的任何地方获取IV .不要将其设置为固定值; 不要使用哈希函数; 不要使用收件人的姓名; 不要从磁盘读取它.生成它RAND_bytes()并将其发送到目的地.无论何时从零计数器开始,您都必须从一个以前从未使用过的全新IV开始.

3. 如果您可能在不更改IV和/或密钥的情况下发送2**64字节,则需要测试计数器溢出.

4. 不要忽略错误检查.如果一个函数失败而你忽略它,很可能(甚至可能)你的系统似乎正常运行,但实际上将完全不安全地运行.