请问用调用openssl的api来及使用openssl的命令行工具进行AES加密,密文为什么不一致
请问用调用openssl的api来及使用openssl的命令行工具进行AES加密,密文为什么不一致?
我使用了三种方式来对同一字符串进行AES加密,
a 使用 openssl命令行工具.
b 使用java的javax.crypto这个包的相关类.
c 使用openssl的c语言api函数.
结果,a与b得到相同的密文结果(输入相同的key及iv),而c与a(b)密文结果不同.
a,b,c方式都是可以自己加解密的.
因为我要保证这三种方式任意一种都可以解密另一种加密过的密文,所以我要确保密文结果相同。
我觉得是c方式写的代码问题,因为a与b可以得到相同的密文。请问问题在哪?
------------------------------------------------
测试环境是centos,openssl版本1.0.0f
方式a
下面是我用命令行工具时使用的命令
[root@COS56DEV-64 ~]# cat e.shopenssl enc -aes-128-cbc -e -a -in pt.txt -out ct.txt -K 01020304050607080900010203040506 -iv 01020304050607080900010203040506 -p
#include <stdio.h>#include <string.h>#include <stdlib.h>#include <openssl/aes.h>int main(int argc, char** argv) { AES_KEY aes; unsigned char key[AES_BLOCK_SIZE]; // AES_BLOCK_SIZE = 16 unsigned char iv[AES_BLOCK_SIZE]; // init vector unsigned char* input_string; unsigned char* encrypt_string; unsigned char* decrypt_string; unsigned int len; // encrypt length (in multiple of AES_BLOCK_SIZE) unsigned int i; // check usage if (argc != 2) { fprintf(stderr, "%s <plain text>\n", argv[0]); exit(-1); } // set the encryption length len = 0; if ( strlen(argv[1])>=AES_BLOCK_SIZE || (strlen(argv[1]) + 1) % AES_BLOCK_SIZE == 0) { len = strlen(argv[1]) + 1; } else { len = ((strlen(argv[1]) + 1) / AES_BLOCK_SIZE + 1) * AES_BLOCK_SIZE; } // set the input string input_string = (unsigned char*)calloc(len, sizeof(unsigned char)); if (input_string == NULL) { fprintf(stderr, "Unable to allocate memory for input_string\n"); exit(-1); } strncpy((char*)input_string, argv[1], strlen(argv[1])); // Generate AES 128-bit key memset(key, 0x01, AES_BLOCK_SIZE); // Set encryption key memset(iv, 0x01, AES_BLOCK_SIZE); if (AES_set_encrypt_key(key, 128, &aes) < 0) { fprintf(stderr, "Unable to set encryption key in AES\n"); exit(-1); } // alloc encrypt_string encrypt_string = (unsigned char*)calloc(len, sizeof(unsigned char)); if (encrypt_string == NULL) { fprintf(stderr, "Unable to allocate memory for encrypt_string\n"); exit(-1); } // encrypt (iv will change) AES_cbc_encrypt(input_string, encrypt_string, len, &aes, iv, AES_ENCRYPT); ///////////////////////////////////// // alloc decrypt_string decrypt_string = (unsigned char*)calloc(len, sizeof(unsigned char)); if (decrypt_string == NULL) { fprintf(stderr, "Unable to allocate memory for decrypt_string\n"); exit(-1); } // Set decryption key memset(iv, 0x01, AES_BLOCK_SIZE); if (AES_set_decrypt_key(key, 128, &aes) < 0) { fprintf(stderr, "Unable to set decryption key in AES\n"); exit(-1); } // decrypt AES_cbc_encrypt(encrypt_string, decrypt_string, len, &aes, iv, AES_DECRYPT); // print printf("input_string =%s\n", input_string); printf("encrypted string ="); for (i=0; i<len; ++i) { printf("%u ", encrypt_string[i]); } printf("\n"); printf("decrypted string =%s\n", decrypt_string); return 0;}
EVP_CIPHER_CTX ctx;
if(EVP_EncryptInit(&ctx,EVP_aes_256_cbc(),(unsigned char *)evp_eky2,(unsigned char *)evp_ivc2) == 0)
throw "quit";
outp = evp_encrypt_cstr(&ctx,src,&outlen);
if(outp == NULL) throw "quit";
EVP_CIPHER_CTX_cleanup(&ctx);
解秘
*(uch_tmp1+dlen) = NULL;
EVP_CIPHER_CTX ctx;
if(EVP_DecryptInit(&ctx,EVP_aes_256_cbc(),(unsigned char *)evp_eky2,(unsigned char *)evp_ivc2) == 0)
throw "quit";
int clen = EVP_CIPHER_CTX_block_size(&ctx);
int buflen = dlen+clen+1+64;
outp = new char[buflen];
if(outp == NULL) throw "quit";
memset(outp,0x0,buflen);
if(EVP_DecryptUpdate(&ctx,(unsigned char*)outp,&outlen,(unsigned char *)uch_tmp1,dlen) == 0 && outlen < ONEK_MSG_LEN/*protection*/)
throw "quit";
if(EVP_DecryptFinal_ex(&ctx,(unsigned char*)outp+outlen,&finallen) == 0)
{
throw "quit";
}
*(outp+outlen+finallen) = NULL;
EVP_CIPHER_CTX_cleanup(&ctx);