openssl AF_ALG引擎使用

已于 2024-03-26 15:47:17 修改
阅读量477 收藏 2
点赞数 11
分类专栏: 加密 文章标签: 服务器 linux 运维
于 2024-03-26 15:32:31 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/junjun5156/article/details/137036433
版权

cmd

AF_ALG是Linux提供的一种虚拟接口,用于访问内核中的加密算法。在Linux中,可以使用AF_ALG接口配合加密算法框架(Crypto API)来进行加密操作。

以下是一个使用AF_ALG和openssl进行加密操作的例子:

# 加密
openssl engine -t afalg -k afalg -c
 
# 加载AF_ALG引擎
openssl engine afalg
 
# 设置会话使用的加密算法和密钥
openssl ciphers -v 'aes-128-cbc'
 
# 加密文件
openssl enc -engine afalg -aes-128-cbc -in input.txt -out output.txt -pass pass:YOUR_PASSWORD

在这个例子中,我们首先加载AF_ALG加密引擎。然后,我们设置会话使用的加密算法为AES-128-CBC。最后,我们使用openssl的enc命令进行加密操作,指定输入文件input.txt和输出文件output.txt,并使用密钥mysecretkey进行加密。

注意:在使用AF_ALG引擎之前,你需要确保系统中已经安装了libafalg-dev包,并且你的内核支持AF_ALG。

这只是一个基本的示例,实际使用时可能需要根据具体的加密算法和系统配置进行调整。

测试实例:(这是在101编译服务器环境上测试的)

der@somewhere:~/tmp/tmp$ openssl engine -t afalg -k afalg -c
engine: Cannot mix flags and engine names.
engine: Use -help for summary.
der@somewhere:~/tmp/tmp$ openssl engine -t afalg -k afalg
engine: Cannot mix flags and engine names.
engine: Use -help for summary.
der@somewhere:~/tmp/tmp$ openssl engine -t afalg
(afalg) AFALG engine support
     [ available ]
der@somewhere:~/tmp/tmp$ 
der@somewhere:~/tmp/tmp$ 
der@somewhere:~/tmp/tmp$ openssl engines
Invalid command 'engines'; type "help" for a list.
der@somewhere:~/tmp/tmp$ openssl engine
(rdrand) Intel RDRAND engine
(dynamic) Dynamic engine loading support
der@somewhere:~/tmp/tmp$ openssl engine afalg
(afalg) AFALG engine support
der@somewhere:~/tmp/tmp$ openssl ciphers -v 'aes-128-cbc'
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
der@somewhere:~/tmp/tmp$
der@somewhere:~/tmp/tmp$ find /usr/lib -name "*afalg*"
/usr/lib/x86_64-linux-gnu/engines-1.1/afalg.so
der@somewhere:~/tmp/tmp$
der@somewhere:~/tmp/tmp$ openssl enc -engine afalg -aes-128-cbc -in info.txt -out output.txt
engine "afalg" set.
enter aes-128-cbc encryption password:
Verifying - enter aes-128-cbc encryption password:
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
der@somewhere:~/tmp/tmp$
der@somewhere:~/tmp/tmp$ 
der@somewhere:~/tmp/tmp$ openssl enc -d -engine afalg -aes-128-cbc -in output.txt -out dec.txt -pass pass:somepasswd
engine "afalg" set.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
der@somewhere:~/tmp/tmp$ 
der@somewhere:~/tmp/tmp$ md5sum info.txt dec.txt 
c50829378ad3f6ad668b290ef8b17cc4  info.txt
c50829378ad3f6ad668b290ef8b17cc4  dec.txt
der@somewhere:~/tmp/tmp$

code

加载

int main() {
        int ret = 1;
        int type = 0;
        do{
                printf("please choose type: 0:exit 1:load_builtin, 2:init_crypto AFALG, 3:init_crypto DYNAMIC, 4:add_all_algorithms\n");
                (void)scanf(" %d",&type);
                switch(type){
                        case 0:
                                return 0;
                        case 1:
                                ENGINE_load_builtin_engines();
                                break;
                        case 2:
                                OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_AFALG, NULL);
                                break;
                        case 3:
                                OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DYNAMIC, NULL);
                                break;
                        case 4:
                                OpenSSL_add_all_algorithms();
                                break;

                }

                ENGINE *e = ENGINE_by_id("afalg");
                if (e == NULL) {
                        printf("Can not load AFALG engine.\n");
                        continue;
                }
                printf("Load AFALG engine OK.\n");
                int rc = ENGINE_init(e);
                if (rc == 0) {
                        printf("Init AFALG engine fail.\n");
                        ENGINE_free(e);
                        continue;
                }
                printf("Init AFALG engine OK.\n");

                //now we can use afalg engine

第1种第3种可以加载,2,4种不行

使用

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/evp.h>
#include <openssl/engine.h>

// colors used in printf
#define COLOR_NONE "\033[m"
#define COLOR_RED "\033[0;32;31m"
#define COLOR_LIGHT_RED "\033[1;31m"
#define COLOR_YELLOW "\033[1;33m"
#define COLOR_GREEN "\033[0;32;32m"
#define COLOR_BLUE "\033[0;32;34m"
#define COLOR_PURPLE "\033[0;32;35m"

// switch of printf
#if 1
#define PRINT(...) printf(__VA_ARGS__)
#else
#define PRINT(...)
#endif

#if 0
#define PRINTSUCCESS(...) printf(__VA_ARGS__)
#else
#define PRINTSUCCESS(...)
#endif

#if 1
#define PRINTFAIL(...) printf(__VA_ARGS__)
#else
#define PRINTFAIL(...)
#endif

// macros related to break
#define FREE_NOTNULL(ptr, func_name) \
    {                                \
        if (ptr != NULL)             \
        {                            \
            func_name(ptr);          \
            ptr = NULL;              \
        }                            \
    }

#define CALL_FUNC(ret, funSentence, errCase)                                                                     \
    {                                                                                                            \
        ret = funSentence;                                                                                       \
        if (errCase)                                                                                             \
        {                                                                                                        \
            PRINTFAIL(COLOR_RED "[%s][%d] " #funSentence " fail:" #errCase "\n" COLOR_NONE, __FILE__, __LINE__); \
            break;                                                                                               \
        }                                                                                                        \
        else                                                                                                     \
        {                                                                                                        \
            PRINTSUCCESS(COLOR_GREEN "[%s][%d] " #funSentence " success\n" COLOR_NONE, __FILE__, __LINE__);      \
        }                                                                                                        \
    }

#define CALL_FUNC_WITHIOUTBREAK(ret, funSentence, errCase)                                                       \
    {                                                                                                            \
        ret = funSentence;                                                                                       \
        if (errCase)                                                                                             \
        {                                                                                                        \
            PRINTFAIL(COLOR_RED "[%s][%d] " #funSentence " fail:" #errCase "\n" COLOR_NONE, __FILE__, __LINE__); \
        }                                                                                                        \
        else                                                                                                     \
        {                                                                                                        \
            PRINTSUCCESS(COLOR_GREEN "[%s][%d] " #funSentence " success\n" COLOR_NONE, __FILE__, __LINE__);      \
        }                                                                                                        \
    }

#define CALL_FUNC_NOTNULL(ret, funSentence) \
    CALL_FUNC(ret, funSentence, ret == NULL)

#define CALL_FUNC_POSITIVE(ret, funSentence) \
    CALL_FUNC(ret, funSentence, ret <= 0)

#define CALL_NBFUNC_NOTNULL(ret, funSentence) \
    CALL_FUNC_WITHIOUTBREAK(ret, funSentence, ret == NULL)

#define CALL_NBFUNC_POSITIVE(ret, funSentence) \
    CALL_FUNC_WITHIOUTBREAK(ret, funSentence, ret <= 0)

#define BUFFER_SIZE 256

static void print_hex(const char *info, unsigned char *data, unsigned int len)
{
    printf("%s[len:%d | 0x%x]\n", info, len, len);
    for (int i = 0; i < len; i++)
    {
        printf("%02x ", data[i]);
    }
    printf("\n");
}

static int test_afalg_aes_cbc(ENGINE *engine)
{
    EVP_CIPHER_CTX *ctx = NULL;
    const EVP_CIPHER *cipher;
    unsigned char key[] = "\x06\xa9\x21\x40\x36\xb8\xa1\x5b"
                          "\x51\x2e\x03\xd5\x34\x12\x00\x06"
                          "\x06\xa9\x21\x40\x36\xb8\xa1\x5b"
                          "\x51\x2e\x03\xd5\x34\x12\x00\x06";
    unsigned char iv[] = "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30"
                         "\xb4\x22\xda\x80\x2c\x9f\xac\x41";
    /* input = "Single block msg\n"  17Bytes*/
    unsigned char in[BUFFER_SIZE] = "\x53\x69\x6e\x67\x6c\x65\x20\x62"
                                    "\x6c\x6f\x63\x6b\x20\x6d\x73\x67\x0a";
    unsigned char ebuf[BUFFER_SIZE + 32];
    unsigned char dbuf[BUFFER_SIZE + 32];
    unsigned char encresult_128[] = "\xe3\x53\x77\x9c\x10\x79\xae\xb8"
                                    "\x27\x08\x94\x2d\xbe\x77\x18\x1a\x2d";
    unsigned char encresult_192[] = "\xf7\xe4\x26\xd1\xd5\x4f\x8f\x39"
                                    "\xb1\x9e\xe0\xdf\x61\xb9\xc2\x55\xeb";
    unsigned char encresult_256[] = "\xa0\x76\x85\xfd\xc1\x65\x71\x9d"
                                    "\xc7\xe9\x13\x6e\xae\x55\x49\xb4\x13";
    unsigned char *enc_result = NULL;

    int encl, encf, decl, decf;
    int ret = 0;
    int keysize_idx = 0;
    printf("please choose key len: 0:128, 1:192, 2:256 else:128\n");
    (void)scanf(" %d", &keysize_idx);

    do
    {
        switch (keysize_idx)
        {
        case 0:
            cipher = EVP_aes_128_cbc();
            enc_result = &encresult_128[0];
            break;
        case 1:
            cipher = EVP_aes_192_cbc();
            enc_result = &encresult_192[0];
            break;
        case 2:
            cipher = EVP_aes_256_cbc();
            enc_result = &encresult_256[0];
            break;
        default:
            cipher = EVP_aes_128_cbc();
            enc_result = &encresult_128[0];
            break;
        }
        CALL_FUNC_NOTNULL(ctx, EVP_CIPHER_CTX_new())
        print_hex("src data", in, BUFFER_SIZE);
        CALL_FUNC_POSITIVE(ret, EVP_CipherInit_ex(ctx, cipher, engine, key, iv, 1))
        CALL_FUNC_POSITIVE(ret, EVP_CipherUpdate(ctx, ebuf, &encl, in, BUFFER_SIZE))
        CALL_FUNC_POSITIVE(ret, EVP_CipherFinal_ex(ctx, ebuf + encl, &encf))

        encl += encf;
        print_hex("enc data", ebuf, encl);
        // CALL_FUNC(ret,memcmp(enc_result, ebuf, BUFFER_SIZE),ret != 0)

        CALL_FUNC_POSITIVE(ret, EVP_CIPHER_CTX_reset(ctx))
        CALL_FUNC_POSITIVE(ret, EVP_CipherInit_ex(ctx, cipher, engine, key, iv, 0))
        CALL_FUNC_POSITIVE(ret, EVP_CipherUpdate(ctx, dbuf, &decl, ebuf, encl))
        CALL_FUNC_POSITIVE(ret, EVP_CipherFinal_ex(ctx, dbuf + decl, &decf))
        print_hex("dec data", dbuf, decl);

        decl += decf;
        CALL_FUNC_POSITIVE(ret, decl == BUFFER_SIZE)
        CALL_FUNC(ret, memcmp(dbuf, in, BUFFER_SIZE), ret != 0)
        printf("engine enc dec success.\n");
        ret = 1;
    } while (0);
end:
    FREE_NOTNULL(ctx, EVP_CIPHER_CTX_free)
    return ret;
}

int test_engine_digest(ENGINE *engine)
{
    int ret = 0;
    const EVP_MD *md = NULL;
    EVP_MD_CTX *emctx = NULL;
    unsigned char data[128] = {1, 2, 4};
    unsigned char digestData[64] = {0};
    unsigned int digestSize = sizeof(digestData);
    const char *eName = NULL;
    do
    {
        CALL_FUNC_NOTNULL(eName, ENGINE_get_name(engine))
        printf("engine name:%s\n", eName);
        CALL_FUNC_POSITIVE(ret, ENGINE_register_digests(engine))               //
        CALL_FUNC_POSITIVE(ret, ENGINE_set_default(engine, ENGINE_METHOD_ALL)) // ENGINE_METHOD_DIGESTS))

        CALL_FUNC_NOTNULL(emctx, EVP_MD_CTX_new())
        CALL_FUNC_POSITIVE(ret, EVP_MD_CTX_init(emctx))
        CALL_FUNC_NOTNULL(md, EVP_md5())
        digestSize = sizeof(digestData);
        CALL_FUNC_POSITIVE(ret, EVP_DigestInit_ex(emctx, md, engine))
        CALL_FUNC_POSITIVE(ret, EVP_DigestUpdate(emctx, data, sizeof(data)))
        CALL_FUNC_POSITIVE(ret, EVP_DigestFinal(emctx, digestData, &digestSize))
        print_hex("MD5 3 segment result", digestData, digestSize);

        memset(digestData, 0, sizeof(digestData));
        digestSize = sizeof(digestData);
        // CALL_FUNC_POSITIVE(ret,EVP_DigestInit_ex(emctx,md,engine))
        CALL_FUNC_POSITIVE(ret, EVP_Digest(data, sizeof(data), digestData, &digestSize, md, engine))
        print_hex("MD5 1 segment result", digestData, digestSize);

        memset(digestData, 0, sizeof(digestData));
        digestSize = sizeof(digestData);
        CALL_FUNC_NOTNULL(md, EVP_sha1())
        CALL_FUNC_POSITIVE(ret, EVP_DigestInit_ex(emctx, md, engine))
        CALL_FUNC_POSITIVE(ret, EVP_DigestUpdate(emctx, data, sizeof(data)))
        CALL_FUNC_POSITIVE(ret, EVP_DigestFinal(emctx, digestData, &digestSize))
        print_hex("SHA1 3 segment result", digestData, digestSize);

        memset(digestData, 0, sizeof(digestData));
        digestSize = sizeof(digestData);
        CALL_FUNC_NOTNULL(md, EVP_sha256())
        CALL_FUNC_POSITIVE(ret, EVP_DigestInit_ex(emctx, md, engine))
        CALL_FUNC_POSITIVE(ret, EVP_DigestUpdate(emctx, data, sizeof(data)))
        CALL_FUNC_POSITIVE(ret, EVP_DigestFinal(emctx, digestData, &digestSize))
        print_hex("SHA256 3 segment result", digestData, digestSize);
    } while (0);
    // FREE_NOTNULL(md,EVP_md5xx) //do not need free
    FREE_NOTNULL(emctx, EVP_MD_CTX_free)
    return ret;
}

int main()
{
    int ret = 1;
    int type = 0;
    do
    {
        printf("please choose type: 0:exit 1:load_builtin, 2:init_crypto AFALG, 3:init_crypto DYNAMIC, 4:add_all_algorithms\n");
        (void)scanf(" %d", &type);
        switch (type)
        {
        case 0:
            return 0;
        case 1:
            ENGINE_load_builtin_engines();
            break;
        case 2:
            OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_AFALG, NULL);
            break;
        case 3:
            OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DYNAMIC, NULL);
            break;
        case 4:
            OpenSSL_add_all_algorithms();
            break;
        }

        ENGINE *e = ENGINE_by_id("afalg");
        if (e == NULL)
        {
            printf("Can not load AFALG engine.\n");
            continue;
        }
        printf("Load AFALG engine OK.\n");
        int rc = ENGINE_init(e);
        if (rc == 0)
        {
            printf("Init AFALG engine fail.\n");
            ENGINE_free(e);
            continue;
        }
        printf("Init AFALG engine OK.\n");

        // now we can use afalg engine
        CALL_FUNC_POSITIVE(ret, test_afalg_aes_cbc(e))
        CALL_FUNC_POSITIVE(ret, test_engine_digest(e))

        // ENGINE_free(e);
        ENGINE_finish(e);
    } while (type != 0);
    return 0;
}
der@somewhere:~/tmp/tmp/engine$ gcc -o engine engine.c -lcrypto
der@somewhere:~/tmp/tmp/engine$ ./engine 
please choose type: 0:exit 1:load_builtin, 2:init_crypto AFALG, 3:init_crypto DYNAMIC, 4:add_all_algorithms
3
Load AFALG engine OK.
Init AFALG engine OK.
please choose key len: 0:128, 1:192, 2:256 else:128
2
src data[len:256 | 0x100]
53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
enc data[len:272 | 0x110]
a0 76 85 fd c1 65 71 9d c7 e9 13 6e ae 55 49 b4 ca 9f 86 f1 4f 52 d9 66 6c a1 f9 25 ae 42 c6 d9 e6 f2 15 3a 08 14 c2 e0 02 06 de e2 c1 45 ba 02 dc 36 85 a8 2e 74 a3 68 b8 96 69 0f 78 59 34 50 77 85 24 00 f1 54 ea 9f 75 b7 61 c1 db a1 ad b3 3b b5 c1 c9 77 9f f0 f8 fc 95 f1 36 17 34 c5 03 41 43 1e 6e 69 e8 e1 88 fb d1 ac 0c 46 6e 71 26 52 a3 91 b3 87 dc 6a 16 e4 02 a8 a4 8b 4c 6a c1 ef 5d 92 3b ab 43 cc 80 34 5a c6 52 c6 48 8b a0 f5 14 12 85 55 78 92 80 30 5f f9 45 e1 fe 61 e9 02 da a1 69 19 a1 92 16 87 f2 a3 8d e3 e8 15 34 69 c2 40 69 2b 15 43 27 da 4e 56 15 d3 10 e5 55 58 8c d0 0e ee 2b 3f 00 57 e8 65 7f ac d5 01 af 9a 13 1a c0 ae ac b1 a8 01 46 f7 15 2d 26 22 b1 87 a0 ee db a3 fb 9d a3 94 77 91 e1 72 25 5e 9c 17 d6 d6 5f e9 3c 2f 0f bb be 79 1f 99 06 7e 37 68 67 9c 76 04 dc de e3 dc ed dd c9 32 fd dc 7d 
dec data[len:256 | 0x100]
53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
engine enc dec success.
engine name:AFALG engine support
[engine.c][197] EVP_DigestInit_ex(emctx,md,engine) fail:ret <= 0
[engine.c][271] test_engine_digest(e) fail:ret <= 0
der@somewhere:~/tmp/tmp/engine$ 
der@somewhere:~/tmp/tmp/engine$

可以看到aes使用afalg引擎成功,但是digest使用引擎失败了。之前好像看到过说明,digest软算法很快,如果使用硬件加速引擎综合开销反而更大或者效率提升不明显,如果需要引擎支持digest需要编译openssl的时候指定相应标志。就这样。

人生如叶
关注
  • 11
    点赞
  • 2
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
Alg.rar_3des openssl_OPENSSL 3DES_openssl rsa_openssl测试_openssl
09-24
本文将深入探讨标题和描述中提到的“Alg.rar_3des openssl_OPENSSL 3DES_openssl rsa_openssl测试_openssl测”相关知识点,主要围绕3DES(Triple DES)加密算法和RSA公钥加密算法在OpenSSL库中的实现及测试。...
ssl-server.zip_JSON_openssl server_openssl web_openssl windows_s
09-24
结合“openssl_server”、“openssl_web”和“openssl_windows”,我们可以推测这个项目是为Windows平台设计的一个使用OpenSSL库处理JSON数据的Web服务器。 压缩包中的文件“ssl-server”可能是源代码文件或者...
使用Netlink AF_ALG调用内核态密码模块
wq897387的专栏
10-14 2755
使用Netlink AF_ALG调用内核态密码模块
openssl使用afalg引擎
wq897387的专栏
10-27 1249
OpenSSL 1.1.0以上版本才支持afalg引擎。 配置并编译安装 # ./config enable-engine enable-dso enable-afalgeng # make # make install 在编译安装完成后,可发现afalg.so文件 # pwd /root/openssl/engines # ls *.so afalg.so capi.so dasync.so ossltest.so padlock.so # pwd /usr/lib64/engin
OpenSSL 之一】OpenSSL初体验(编译安装、工作机制、Engine加载(afalg、cryptodev-linux)、offload等)
KXue0703的博客
03-14 5367
OpenSSL是一个安全套接字层密码库,囊括主要的密码算法、常用密钥、证书封装管理功能及实现SSL协议。整个软件包大概可以分成三个主要的功能部分:SSL协议库libssl、应用程序命令工具以及密码算法库libcrypto。
SWAN测试用例af-alg/alg-camellia
redwingz的博客
10-28 692
Camellia作为一种块加密算法,支持块长度128、192或256位,其具有与AES同等级的安全强度。本测试用例使用到Camellia算法的两者密钥长度192和256。 以下启动af-alg/alg-camellia测试用例,注意在启动之前需要执行start-testing脚本开启测试环境。 $ cd strongswan-5.8.1/testing $ $ sudo ./do-tests af...
SWAN测试用例af-alg/rw-cert
redwingz的博客
10-28 1034
本测试中远程用户(roadwarrior) carol与网关moon使用内核的加密套接口af_alg(代码位于内核文件crypto/af_alg.c)进行所有的对称加密和哈希计算,另外远程用户dave使用strongswan默认的加密插件:aes、des、sha1、sha2、md5或gmp进行相应操作。 远程用户carol和dave分别建立到网关moon的连接,认证使用X.509证书方式。连接成功...
Linux kernel crypto的介绍
baron-周贺贺-代码改变世界ctw
01-04 5407
linux kernel中,支持以下四种crypto算法: algif_aead.c algif_hash.c algif_rng.c algif_skcipher.c
windows-openssl.zip_OPENSSL 库_openssl windows_openssl开发库_openssl
09-19
在标签中,我们看到 "openssl_库"、"openssl_windows" 和 "openssl开发库",这表明这个压缩包特别适用于 Windows 开发者,他们可以利用这些资源进行 OpenSSL 的集成和开发工作。"openssl测试" 指的是可能包含的测试...
openssl文档_openssl_x509_
10-04
`OpenSSL_api_进行安全编程.doc`可能会讲解如何使用OpenSSL API进行签名和验证操作。签名过程通常涉及私钥加密数据的哈希值,而验证则需要使用对应的公钥解密签名,对比解密后的哈希值与原始数据的哈希值是否一致。 ...
tls.rar_TLS_openssl TLS_openssl server_openssl t
09-24
在标签中,“openssl_tls”、“openssl_server”和“openssl_t”进一步强调了这些源代码与OpenSSL库中的TLS功能有关,特别是关于服务器端的部分。这可能包括OpenSSL库的使用,如设置TLS版本、选择加密套件、处理证书...
IMX Linux 用户手册 — 3
chocolate2018的博客
01-29 991
IMX Linux 用户手册
arm64 架构 Linux 安装编译openssl报错engines/afalg/e_afalg.c:110:20: error: ‘__NR_eventfd‘ undeclared
最新发布
weixin_41760409的博客
08-30 713
在arm64架构 Linux 安装编译openssl时候报错 engines/afalg/e_afalg.c:110:20: error: '__NR_eventfd' undeclared (first use in this function);解决办法:找到static ossl_inline int eventfd(int n)修改如下。文件openssl/engines/afalg/e_afalg.c。
源码学习笔记之Openssl
明潮的BLOG
08-12 1792
目录: ├─apps │&nbsp; │&nbsp; apps.c │&nbsp; │&nbsp; apps.h │&nbsp; │&nbsp; app_rand.c │&nbsp; │&nbsp; asn1pars.c │&nbsp; │&nbsp; build.info │&nbsp; │&nbsp; ca-cert.srl │&nbsp; │&nbsp; ca-key.pem │&
Socket低级网络连接
chikun8177的博客
05-17 674
该模块提供对BSD套接字接口的访问。它适用于所有现代Unix系统,Windows,MacOS以及其他可能的平台。 注意 某些行为可能与平台有关,因为对操作系统套接字API进行了调用。 Python接口是Unix系统调用和库接口的直接音译,用于套接字到Python的面...
OpenSSL引擎机制与加密套件协商的应用研究
__52Hz__
02-25 1416
原文地址:http://www.doc88.com/p-9972765428808.html
Linux内核 crypto文件夹 密码学知识学习
CHYabc123456hh的博客
12-27 4367
参考链接 Linux source code (v5.15.11) - Bootlin Linux内核 在线源代码 查询函数定义和使用 Linux Kernel(Android) 加密算法总结(一)(cipher、compress、digest)_万能的终端和网络-程序员宅基地 - 程序员宅基地 ...
openssl尽量不要动啊,成功恢复记录
weixin_43869959的博客
11-26 1150
openssl尽量不要动啊-成功恢复记录.md
来自Facebook的KTLS(Kernel SSL/TLS)原理和实例
热门推荐
Netfilter
12-25 2万+
抽了点时间研究了下KTLS,这源自于跟同事交流的一个问题,那就是现如今的HTTPS服务器以及scp命令传输本地文件的时候,无法使用sendfile系统调用!        这个话题让我想起了很多的老同事,为了不骚扰到他们,本文中我一律使用只有我们自己才知道的昵称。        我后悔当初为什么没有想到一个让HTTPS/scp支持sendfile/splice/tee调用族的方案,我表示后悔是因为
typedef enum { HCF_ALG_ECC_224 = 1, HCF_ALG_ECC_256, HCF_ALG_ECC_384, HCF_ALG_ECC_521, HCF_ALG_AES_128, HCF_ALG_AES_192, HCF_ALG_AES_256, HCF_ALG_3DES_192, HCF_ALG_MODE_NONE, HCF_ALG_MODE_ECB, HCF_ALG_MODE_CBC, HCF_ALG_MODE_CTR, HCF_ALG_MODE_OFB, HCF_ALG_MODE_CFB, HCF_ALG_MODE_CFB1, HCF_ALG_MODE_CFB8, HCF_ALG_MODE_CFB64, HCF_ALG_MODE_CFB128, HCF_ALG_MODE_CCM, HCF_ALG_MODE_GCM, HCF_ALG_NOPADDING, HCF_ALG_PADDING_PKCS5, HCF_ALG_PADDING_PKCS7, // rsa keysize HCF_OPENSSL_RSA_512, HCF_OPENSSL_RSA_768, HCF_OPENSSL_RSA_1024, HCF_OPENSSL_RSA_2048, HCF_OPENSSL_RSA_3072, HCF_OPENSSL_RSA_4096, HCF_OPENSSL_RSA_8192, // rsa cipher padding, HCF_OPENSSL_RSA_PKCS1_PADDING, HCF_OPENSSL_RSA_PKCS1_OAEP_PADDING, HCF_OPENSSL_RSA_PSS_PADDING, // digest HCF_OPENSSL_DIGEST_NONE, HCF_OPENSSL_DIGEST_MD5, HCF_OPENSSL_DIGEST_SHA1, HCF_OPENSSL_DIGEST_SHA224, HCF_OPENSSL_DIGEST_SHA256, HCF_OPENSSL_DIGEST_SHA384, HCF_OPENSSL_DIGEST_SHA512, // primes HCF_OPENSSL_PRIMES_2, HCF_OPENSSL_PRIMES_3, HCF_OPENSSL_PRIMES_4, HCF_OPENSSL_PRIMES_5, } HCF_ALG_PARA_VALUE; 结合上一个进行代码讲解
06-03
这段代码定义了一个枚举类型 `HCF_ALG_PARA_VALUE`,其中列举了多个常量,用于表示不同的参数值。 这些参数值包括了一些加密算法和模式的名称,例如 `HCF_ALG_ECC_224`、`HCF_ALG_AES_128`、`HCF_ALG_MODE_CBC` 等等。同时也包括了 RSA 密钥长度、RSA 填充方式、哈希算法等参数。这些参数的命名方式使用了 `HCF_OPENSSL_` 前缀,表明它们是与 OpenSSL 库相关的。 通过使用这些常量,开发者可以更方便地在代码中使用这些参数值,而不需要直接使用数值。同时,这些常量的命名也更加清晰明了,可以更好地表达参数的含义。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值