头文件crypto_util.h
#pragma once
#include <string>
namespace hsm{
namespace mgmt{
void get_md5_digest(const std::string &data,uint8_t result[16]);
std::string aes_encrypt_to_string(const std::string &string,
const std::string &password);
std::string aes_decrypt_from_string(const std::string &string,
const std::string &password);
}//namespace mgmt
}//namespace hsm
代码实现crypto_util.cpp
#include "../util/crypto_util.h"
#include <cstring>
#include <memory>
#include <openssl/aes.h>
#include <openssl/md5.h>
namespace hsm{
namespace mgmt{
void get_md5_digest(const std::string &data,uint8_t result[16]){
MD5_CTX md5_ctx{};
MD5_Init(&md5_ctx);
MD5_Update(&md5_ctx,data.c_str(),data.length());
MD5_Final(result,&md5_ctx);
}
/**
* @brief generate a valid aes key from input password
*
* @note AES only support keys with length 128/192/256bits
* @note this implementation use md5 as a method to fix the password
*/
std::unique_ptr<AES_KEY> get_aes_key(const std::string &password,int flag){
auto aes_key = std::make_unique<AES_KEY>();
uint8_t data[16]{};
get_md5_digest(password,data);
if (flag == AES_ENCRYPT){
AES_set_encrypt_key(data,sizeof(data)*8,aes_key.get());
} else if (flag == AES_DECRYPT){
AES_set_decrypt_key(data,sizeof(data)*8,aes_key.get());
}
return aes_key;
}
std::string aes_encrypt_to_string(const std::string &data,const std::string &password){
auto aes_key = get_aes_key(password,AES_ENCRYPT);
std::string result(data.length(),'0');
auto input_offset = reinterpret_cast<const uint8_t *>(data.c_str());
auto output_offset = reinterpret_cast<uint8_t *>(&result[0]);
//encrypt blocks
for (size_t i = 0; i < data.length() / AES_BLOCK_SIZE ; ++i) {
AES_encrypt(input_offset,output_offset,aes_key.get());
input_offset += AES_BLOCK_SIZE;
output_offset += AES_BLOCK_SIZE;
}
//write rest od data to file
auto rest_input_length = data.length() % AES_BLOCK_SIZE;
if (rest_input_length > 0 ){
std::memcpy(output_offset,input_offset,
rest_input_length + 1);
}
return result;
}
std::string aes_decrypt_from_string(const std::string &enc_data,
const std::string &password){
auto aes_key = get_aes_key(password,AES_DECRYPT);
std::string result(enc_data.length(),'0');
auto input_offset = reinterpret_cast<const uint8_t *>(enc_data.c_str());
auto output_offset = reinterpret_cast<uint8_t *>(&result[0]);
//decrypt blocks
for (size_t i = 0;i < enc_data.length() / AES_BLOCK_SIZE;i++){
AES_decrypt(input_offset,output_offset,aes_key.get());
input_offset += AES_BLOCK_SIZE;
output_offset += AES_BLOCK_SIZE;
}
//decrypt rest of data
auto rest_input_length = enc_data.length() % AES_BLOCK_SIZE;
if (rest_input_length > 0 ){
std::memcpy(output_offset,input_offset,
rest_input_length + 1);
}
return result;
}
}//namespace mgmt
}//namespace hsm