aes加密是一种对称加密。
openssl的aes加密接口,要求数据是AES_BLOCK_SIZE的整数倍,所以当源数据不是16的整数倍时,需要填充一些字节。
以下是一个封装aes加密的例子:
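// Encrypts `src` with AES in CBC mode using OpenSSL's low-level AES API.
//
// key          - raw key bytes; must contain at least aes_key_bits / 8 bytes
//                (only that many are used for the key schedule).
// src          - plaintext; must not be empty.
// encrypt      - receives the ciphertext, always a multiple of AES_BLOCK_SIZE
//                bytes; left untouched when the function fails.
// aes_key_bits - AES key size in bits: 128, 192 or 256.
//
// Returns true on success; false on empty input, an unsupported key size,
// a key that is too short, or a key-schedule failure.
//
// NOTE(security), kept as-is so existing ciphertexts stay decryptable:
//  * The IV is the first 16 key bytes, so it is fixed per key: equal plaintext
//    prefixes encrypt to equal ciphertext prefixes. A fresh random IV stored
//    next to the ciphertext would avoid this, but changes the data format.
//  * Padding is zero bytes, which cannot be removed unambiguously when the
//    plaintext itself may end in 0x00 (PKCS#7 padding would be reversible).
//  * CBC gives no integrity protection; callers that need tamper detection
//    must add a MAC or move to an AEAD mode.
//  * The AES_* functions are deprecated since OpenSSL 3.0 in favour of EVP.
bool AESEncrypt(const std::string& key, const std::string& src, std::string& encrypt, int aes_key_bits) {
    if (key.empty() || src.empty()) {
        return false;
    }

    // AES_set_encrypt_key reads aes_key_bits / 8 bytes from the key pointer.
    // Reject a shorter key instead of letting OpenSSL read past the string.
    if (aes_key_bits != 128 && aes_key_bits != 192 && aes_key_bits != 256) {
        return false;
    }
    const size_t key_bytes = static_cast<size_t>(aes_key_bits) / 8;
    if (key.size() < key_bytes) {
        return false;
    }

    // Zero-pad a copy of the plaintext up to the next block boundary.
    // size_t avoids the int truncation the length could suffer on large input.
    std::string plain = src;
    const size_t remainder = plain.size() % AES_BLOCK_SIZE;
    if (remainder != 0) {
        plain.append(AES_BLOCK_SIZE - remainder, '\0');
    }

    AES_KEY aes_key;
    memset(&aes_key, 0, sizeof(AES_KEY));
    if (AES_set_encrypt_key(reinterpret_cast<const unsigned char*>(key.data()),
                            aes_key_bits, &aes_key) != 0) {
        return false;
    }

    // key.size() >= 16 is guaranteed by the length check above.
    // AES_cbc_encrypt updates the IV buffer in place, hence the local copy.
    unsigned char init_vector[AES_BLOCK_SIZE];
    memcpy(init_vector, key.data(), AES_BLOCK_SIZE);

    // A std::string owns the output buffer, so no path can leak it.
    std::string cipher(plain.size(), '\0');
    AES_cbc_encrypt(reinterpret_cast<const unsigned char*>(plain.data()),
                    reinterpret_cast<unsigned char*>(&cipher[0]),
                    plain.size(), &aes_key, init_vector, AES_ENCRYPT);

    // Publish only after success; swapping also stays safe if `encrypt`
    // aliases `key` or `src`.
    encrypt.swap(cipher);
    return true;
}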
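// Decrypts AES-CBC ciphertext produced by AESEncrypt, using OpenSSL's
// low-level AES API.
//
// key          - raw key bytes; must contain at least aes_key_bits / 8 bytes
//                (only that many are used for the key schedule).
// encrypt      - ciphertext; must be non-empty and a multiple of
//                AES_BLOCK_SIZE bytes.
// decrypt      - receives the plaintext, same length as the ciphertext; left
//                untouched when the function fails.
// aes_key_bits - AES key size in bits: 128, 192 or 256.
//
// Returns true on success; false on empty input, a ciphertext length that is
// not block-aligned, an unsupported key size, a key that is too short, or a
// key-schedule failure.
//
// NOTE(security):
//  * The zero bytes AESEncrypt appends as padding are NOT stripped here; the
//    output can be longer than the original plaintext, and the caller has to
//    know the real length.
//  * A true return value does not mean the ciphertext is authentic: CBC has
//    no integrity check, so modified ciphertext decrypts to modified
//    plaintext. Verify a MAC over the ciphertext before trusting the result.
//  * The IV is taken from the first 16 key bytes, mirroring AESEncrypt.
bool AESDecrypt(const std::string& key, const std::string& encrypt, std::string& decrypt, int aes_key_bits) {
    if (key.empty() || encrypt.empty()) {
        return false;
    }
    if (encrypt.size() % AES_BLOCK_SIZE != 0) {
        return false;
    }

    // AES_set_decrypt_key reads aes_key_bits / 8 bytes from the key pointer.
    // Reject a shorter key instead of letting OpenSSL read past the string.
    if (aes_key_bits != 128 && aes_key_bits != 192 && aes_key_bits != 256) {
        return false;
    }
    const size_t key_bytes = static_cast<size_t>(aes_key_bits) / 8;
    if (key.size() < key_bytes) {
        return false;
    }

    AES_KEY aes_key;
    memset(&aes_key, 0, sizeof(AES_KEY));
    if (AES_set_decrypt_key(reinterpret_cast<const unsigned char*>(key.data()),
                            aes_key_bits, &aes_key) != 0) {
        return false;
    }

    // key.size() >= 16 is guaranteed by the length check above.
    // AES_cbc_encrypt updates the IV buffer in place, hence the local copy.
    unsigned char init_vector[AES_BLOCK_SIZE];
    memcpy(init_vector, key.data(), AES_BLOCK_SIZE);

    // A std::string owns the output buffer, so no path can leak it.
    std::string plain(encrypt.size(), '\0');
    AES_cbc_encrypt(reinterpret_cast<const unsigned char*>(encrypt.data()),
                    reinterpret_cast<unsigned char*>(&plain[0]),
                    encrypt.size(), &aes_key, init_vector, AES_DECRYPT);

    // Publish only after success; swapping also stays safe if `decrypt`
    // aliases `key` or `encrypt`.
    decrypt.swap(plain);
    return true;
}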