mbedtls how to en/decrypt with aes ecb,cbc,ctr,cfb,ofb,xts

最新推荐文章于 2024-04-10 12:08:50 发布
最新推荐文章于 2024-04-10 12:08:50 发布
阅读量1.3k 收藏 2
点赞数
分类专栏: 田园诗人之园
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/u014100559/article/details/104217668
版权

If you want to know the basic knowledge of ECB/CBC/CTR/PCBC/CFB/OFB, you can check the below wiki
https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation

The source code path of how to use ecb/cbc/ctr/cfb/ofb/xts as below show:
mbedtls/library/aes.c

This is the self test of aes, if you want to use the below aes cipher type to handler you data, you can refer to the following code.

#if defined(MBEDTLS_SELF_TEST)
/*
 * Checkup routine
 */
int mbedtls_aes_self_test( int verbose )
{
    int ret = 0, i, j, u, mode;
    unsigned int keybits;
    unsigned char key[32];
    unsigned char buf[64];
    const unsigned char *aes_tests;
#if defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB)
    unsigned char iv[16];
#endif
#if defined(MBEDTLS_CIPHER_MODE_CBC)
    unsigned char prv[16];
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR) || defined(MBEDTLS_CIPHER_MODE_CFB) || \
    defined(MBEDTLS_CIPHER_MODE_OFB)
    size_t offset;
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR) || defined(MBEDTLS_CIPHER_MODE_XTS)
    int len;
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
    unsigned char nonce_counter[16];
    unsigned char stream_block[16];
#endif
    mbedtls_aes_context ctx;

    memset( key, 0, 32 );
    mbedtls_aes_init( &ctx );

    /*
     * ECB mode
     */
    for( i = 0; i < 6; i++ )
    {
        u = i >> 1;
        keybits = 128 + u * 64;
        mode = i & 1;

        if( verbose != 0 )
            mbedtls_printf( "  AES-ECB-%3d (%s): ", keybits,
                            ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );

        memset( buf, 0, 16 );

        if( mode == MBEDTLS_AES_DECRYPT )
        {
            /*设置aes解密的key*/
            ret = mbedtls_aes_setkey_dec( &ctx, key, keybits );
            aes_tests = aes_test_ecb_dec[u];
        }
        else
        {
            /*设置aes加密的key*/
            ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );
            aes_tests = aes_test_ecb_enc[u];
        }

        /*
         * AES-192 is an optional feature that may be unavailable when
         * there is an alternative underlying implementation i.e. when
         * MBEDTLS_AES_ALT is defined.
         */
        if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 )
        {
            mbedtls_printf( "skipped\n" );
            continue;
        }
        else if( ret != 0 )
        {
            goto exit;
        }

        for( j = 0; j < 10000; j++ )
        {
            /*对buf[16]={0}的数据依次加密10000次,将结果存入buf中*/
            ret = mbedtls_aes_crypt_ecb( &ctx, mode, buf, buf );
            if( ret != 0 )
                goto exit;
        }

	/*比对加解密之后的数据是否和预期的结果一致*/
        if( memcmp( buf, aes_tests, 16 ) != 0 )
        {
            ret = 1;
            goto exit;
        }

        if( verbose != 0 )
            mbedtls_printf( "passed\n" );
    }

    if( verbose != 0 )
        mbedtls_printf( "\n" );

#if defined(MBEDTLS_CIPHER_MODE_CBC)
    /*
     * CBC mode
     */
    for( i = 0; i < 6; i++ )
    {
        u = i >> 1;
        keybits = 128 + u * 64;
        mode = i & 1;

        if( verbose != 0 )
            mbedtls_printf( "  AES-CBC-%3d (%s): ", keybits,
                            ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );

        memset( iv , 0, 16 );
        memset( prv, 0, 16 );
        memset( buf, 0, 16 );

        if( mode == MBEDTLS_AES_DECRYPT )
        {
            ret = mbedtls_aes_setkey_dec( &ctx, key, keybits );
            aes_tests = aes_test_cbc_dec[u];
        }
        else
        {
            ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );
            aes_tests = aes_test_cbc_enc[u];
        }

        /*
         * AES-192 is an optional feature that may be unavailable when
         * there is an alternative underlying implementation i.e. when
         * MBEDTLS_AES_ALT is defined.
         */
        if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 )
        {
            mbedtls_printf( "skipped\n" );
            continue;
        }
        else if( ret != 0 )
        {
            goto exit;
        }

        for( j = 0; j < 10000; j++ )
        {
            if( mode == MBEDTLS_AES_ENCRYPT )
            {
                unsigned char tmp[16];

                memcpy( tmp, prv, 16 );
                memcpy( prv, buf, 16 );
                memcpy( buf, tmp, 16 );
            }

            ret = mbedtls_aes_crypt_cbc( &ctx, mode, 16, iv, buf, buf );
            if( ret != 0 )
                goto exit;

        }

        if( memcmp( buf, aes_tests, 16 ) != 0 )
        {
            ret = 1;
            goto exit;
        }

        if( verbose != 0 )
            mbedtls_printf( "passed\n" );
    }

    if( verbose != 0 )
        mbedtls_printf( "\n" );
#endif /* MBEDTLS_CIPHER_MODE_CBC */

#if defined(MBEDTLS_CIPHER_MODE_CFB)
    /*
     * CFB128 mode
     */
    for( i = 0; i < 6; i++ )
    {
        u = i >> 1;
        keybits = 128 + u * 64;
        mode = i & 1;

        if( verbose != 0 )
            mbedtls_printf( "  AES-CFB128-%3d (%s): ", keybits,
                            ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );

        memcpy( iv,  aes_test_cfb128_iv, 16 );
        memcpy( key, aes_test_cfb128_key[u], keybits / 8 );

        offset = 0;
        ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );
        /*
         * AES-192 is an optional feature that may be unavailable when
         * there is an alternative underlying implementation i.e. when
         * MBEDTLS_AES_ALT is defined.
         */
        if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 )
        {
            mbedtls_printf( "skipped\n" );
            continue;
        }
        else if( ret != 0 )
        {
            goto exit;
        }

        if( mode == MBEDTLS_AES_DECRYPT )
        {
            memcpy( buf, aes_test_cfb128_ct[u], 64 );
            aes_tests = aes_test_cfb128_pt;
        }
        else
        {
            memcpy( buf, aes_test_cfb128_pt, 64 );
            aes_tests = aes_test_cfb128_ct[u];
        }

        ret = mbedtls_aes_crypt_cfb128( &ctx, mode, 64, &offset, iv, buf, buf );
        if( ret != 0 )
            goto exit;

        if( memcmp( buf, aes_tests, 64 ) != 0 )
        {
            ret = 1;
            goto exit;
        }

        if( verbose != 0 )
            mbedtls_printf( "passed\n" );
    }

    if( verbose != 0 )
        mbedtls_printf( "\n" );
#endif /* MBEDTLS_CIPHER_MODE_CFB */

#if defined(MBEDTLS_CIPHER_MODE_OFB)
    /*
     * OFB mode
     */
    for( i = 0; i < 6; i++ )
    {
        u = i >> 1;
        keybits = 128 + u * 64;
        mode = i & 1;

        if( verbose != 0 )
            mbedtls_printf( "  AES-OFB-%3d (%s): ", keybits,
                            ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );

        memcpy( iv,  aes_test_ofb_iv, 16 );
        memcpy( key, aes_test_ofb_key[u], keybits / 8 );

        offset = 0;
        ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );
        /*
         * AES-192 is an optional feature that may be unavailable when
         * there is an alternative underlying implementation i.e. when
         * MBEDTLS_AES_ALT is defined.
         */
        if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 )
        {
            mbedtls_printf( "skipped\n" );
            continue;
        }
        else if( ret != 0 )
        {
            goto exit;
        }

        if( mode == MBEDTLS_AES_DECRYPT )
        {
            memcpy( buf, aes_test_ofb_ct[u], 64 );
            aes_tests = aes_test_ofb_pt;
        }
        else
        {
            memcpy( buf, aes_test_ofb_pt, 64 );
            aes_tests = aes_test_ofb_ct[u];
        }

        ret = mbedtls_aes_crypt_ofb( &ctx, 64, &offset, iv, buf, buf );
        if( ret != 0 )
            goto exit;

        if( memcmp( buf, aes_tests, 64 ) != 0 )
        {
            ret = 1;
            goto exit;
        }

        if( verbose != 0 )
            mbedtls_printf( "passed\n" );
    }

    if( verbose != 0 )
        mbedtls_printf( "\n" );
#endif /* MBEDTLS_CIPHER_MODE_OFB */

#if defined(MBEDTLS_CIPHER_MODE_CTR)
    /*
     * CTR mode
     */
    for( i = 0; i < 6; i++ )
    {
        u = i >> 1;
        mode = i & 1;

        if( verbose != 0 )
            mbedtls_printf( "  AES-CTR-128 (%s): ",
                            ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );

        memcpy( nonce_counter, aes_test_ctr_nonce_counter[u], 16 );
        memcpy( key, aes_test_ctr_key[u], 16 );

        offset = 0;
        if( ( ret = mbedtls_aes_setkey_enc( &ctx, key, 128 ) ) != 0 )
            goto exit;

        len = aes_test_ctr_len[u];

        if( mode == MBEDTLS_AES_DECRYPT )
        {
            memcpy( buf, aes_test_ctr_ct[u], len );
            aes_tests = aes_test_ctr_pt[u];
        }
        else
        {
            memcpy( buf, aes_test_ctr_pt[u], len );
            aes_tests = aes_test_ctr_ct[u];
        }

        ret = mbedtls_aes_crypt_ctr( &ctx, len, &offset, nonce_counter,
                                     stream_block, buf, buf );
        if( ret != 0 )
            goto exit;

        if( memcmp( buf, aes_tests, len ) != 0 )
        {
            ret = 1;
            goto exit;
        }

        if( verbose != 0 )
            mbedtls_printf( "passed\n" );
    }

    if( verbose != 0 )
        mbedtls_printf( "\n" );
#endif /* MBEDTLS_CIPHER_MODE_CTR */

#if defined(MBEDTLS_CIPHER_MODE_XTS)
    {
    static const int num_tests =
        sizeof(aes_test_xts_key) / sizeof(*aes_test_xts_key);
    mbedtls_aes_xts_context ctx_xts;

    /*
     * XTS mode
     */
    mbedtls_aes_xts_init( &ctx_xts );

    for( i = 0; i < num_tests << 1; i++ )
    {
        const unsigned char *data_unit;
        u = i >> 1;
        mode = i & 1;

        if( verbose != 0 )
            mbedtls_printf( "  AES-XTS-128 (%s): ",
                            ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );

        memset( key, 0, sizeof( key ) );
        memcpy( key, aes_test_xts_key[u], 32 );
        data_unit = aes_test_xts_data_unit[u];

        len = sizeof( *aes_test_xts_ct32 );

        if( mode == MBEDTLS_AES_DECRYPT )
        {
            ret = mbedtls_aes_xts_setkey_dec( &ctx_xts, key, 256 );
            if( ret != 0)
                goto exit;
            memcpy( buf, aes_test_xts_ct32[u], len );
            aes_tests = aes_test_xts_pt32[u];
        }
        else
        {
            ret = mbedtls_aes_xts_setkey_enc( &ctx_xts, key, 256 );
            if( ret != 0)
                goto exit;
            memcpy( buf, aes_test_xts_pt32[u], len );
            aes_tests = aes_test_xts_ct32[u];
        }


        ret = mbedtls_aes_crypt_xts( &ctx_xts, mode, len, data_unit,
                                     buf, buf );
        if( ret != 0 )
            goto exit;

        if( memcmp( buf, aes_tests, len ) != 0 )
        {
            ret = 1;
            goto exit;
        }

        if( verbose != 0 )
            mbedtls_printf( "passed\n" );
    }

    if( verbose != 0 )
        mbedtls_printf( "\n" );

    mbedtls_aes_xts_free( &ctx_xts );
    }
#endif /* MBEDTLS_CIPHER_MODE_XTS */

    ret = 0;

exit:
    if( ret != 0 && verbose != 0 )
        mbedtls_printf( "failed\n" );

    mbedtls_aes_free( &ctx );

    return( ret );
}

#endif /* MBEDTLS_SELF_TEST */
田园诗人之园
关注
专栏目录
AES128 ECBCBC模式加密解密函数(C语言实现 -单片机/嵌入式)
04-24
ECB(Electronic Codebook)和CBC(Cipher Block Chaining)是AES128的两种主要工作模式,每种模式都有其独特的加密特点。 **ECB模式**: ECB是最基础的加密模式,它将明文数据分割成128位的块进行独立加密。每个块...
openssl与mbedtls互相aes加密解密
lala0903的博客
07-06 1011
上班访问外网限制,只能访问csdn,个人练习工程代码 文件读取 1k字节解密加密 256bit cbc模式 mbedtls加密 openssl解密 #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <string.h> #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h&g
Mbed TLS 编码规范
aggresss
05-18 1681
https://tls.mbed.org/kb/development/mbedtls-coding-standards
STM32移植mbedtls实现AES加解密
Sanjay_Wu的博客
02-14 1万+
前言 在实际的物联网项目开发中,经常需要将设备采集到的数据远程传输到服务器端,设备也会接收远程服务器端下发过来的数据,这便是数据交互。如果这些数据只是通过明文方式 进行交互,那么是不安全的,那么就需要将数据进行加密和解密了。本文讲基于mbedtlsAES加解密在STM32上的使用,实现数据的加密和解密,举例ECBCBC两种方式。 一、移植mbedtls到STM32 在这里我们使用常...
在GD32F305平台上 mbedtls加密库实现RSA算法
rjinglan的博客
04-10 332
3.main.c 包含#include "mbedtls/rsa.h",在keil中添加路径。从运行结果看生成1024bit 秘钥对需要14秒钟,后面的加解密计算还是很快的。2.将mbedtls 库源文件加入工程。4. 在main函数添加如下代码。1.首先准备一个可用的GD工程。
STM32使用mbedtlsAES加密
果果小师弟的博客
10-18 2444
Author:果果小师弟 电子信息专业在读研究生 有一点思考,有一点想法,有一点理性! 定个小小目标,努力成为习惯!在最美的年华遇见更好的自己! CSDN@果果小师弟,CSDN首发,果果原创 唯一博客更新的地址为: ???? 果果小师弟的博客 ???? 一、安装mbedtls 转到keil官网http://www.keil.com/dd2/pack/ 找到ARM mbed Cryptographic and SSL/TLS library for Cortex-M devices并下下载 2.安装下载
mbedtls学习(3)对称加密算法
jiang_2018的博客
11-17 3368
对称加密 使用相同密钥进行加密明文和解密密文的算法,有AES、DES、3DES,这些算法单次只能处理一个固定长度的数据。比如AES算法单次只能处理128bit数据,所以需要分组密码模式和填充方式处理 分组密码模式 ECB(Electronic Codebook)电子密码本模式 将明文进行分组加密,加密结果为密文分组,一个明文分组对应一个密文分组 CBC(cipher block chai...
Java 实现AESCBC/CFB模式的加密解密源码
02-08
完整能运行的java AES源代码,需要官网手工下载local_policy.jar 和 US_export_policy.jar文件覆盖java安装目录的文件,才能使用CFB模式。下载地址为: ... //java -jar testAES.jar --generate-key ./key.txt 256 ...
mbedtls RSA加解密
最新发布
05-28
5. **数据解密**:对应的解密过程是mbedtls_rsa_pkcs1_decrypt()。它使用私钥解密之前加密的密文,恢复原始明文数据。 6. **签名与验证**:在mbedtls中,RSA还可以用于数字签名。使用mbedtls_rsa_pkcs1_sign()生成...
AES/ECB/PKCS5Padding C++实现
08-25
**AES(高级加密标准)**是目前广泛应用的一种对称加密算法,全称为Advanced Encryption Standard。...更安全的模式如CBC(链式模式)、CFB(密文反馈模式)和GCM(计数器模式加认证)等常用于更复杂的需求。
AES.zip_AES_DECRYPT_Encrypt Decrypt_aes encrypt decrypt_zip
09-22
AES的工作模式包括ECB(电子密码本)、CBC(密码分组链接)、CFB(密码反馈)、OFB(输出反馈)和CTR(计数器)等,这些模式在加密过程中各有特点和应用场景。 AES加密过程主要包括以下步骤: 1. 关键扩展:AES使用...
mbedtls学习--对称加密算法
言京的博客
06-29 3575
对称加密算法 Alice和Bob持有相同的共享秘钥,通过秘钥加解密数据。对称加密算法包括AES、DES和3DES等多种算法。对称加密算法需要对数据进行分组。 分组密码模式 ECB Electric Codebook 电子密码本模式,明文与密文一一对应,有明显缺陷。 CBC Cipher Block Chaining 密码分组链接模式,每一组明文在加密前都与前面的密文分组进行异或操作。与第一个分组进行异或的“密文分组”称为初始化向量IV。初始化向量一般由伪随机数生成器派生,IV不可泄露。CBC模式无法抵御选
Mbedtls加密组件库使用
专注基础架构领域
10-26 6645
下载与安装 github的下载:https://github.com/ARMmbed/mbedtls 官网下载:https://tls.mbed.org mbedtls-2.6.0库我们要在工程中引用的目录有include,library和visualc这3文件夹: include: 库头文件所在 library:库源文件(.c)所在 visualc:工程文件所在,使用VS2010...
mbedtls加密组件库使用
weixin_30344995的博客
11-09 1325
下载与安装 github的下载:https://github.com/ARMmbed/mbedtls 官网下载:https://tls.mbed.org mbedtls-2.6.0库我们要在工程中引用的目录有include,library和visualc这3文件夹: include: 库头文件所在 library:库源文件(.c)所在 visualc:工程文件所在...
AES在openssl和mbedtls中的简单代码示例
热门推荐
天天water的专栏
11-09 1万+
在openssl中:// AES_test.cpp : Defines the entry point for the console application. // #include "stdafx.h" #include #include #include #include #include #pragma comment(lib,"libeay32.lib") //FIXME
mbedtls移植体验
baron-周贺贺-代码改变世界ctw
01-03 1777
1、下载mbedtls源码 git clone https://github.com/ARMmbed/mbedtls.git 2、下载程序编写的目标 (我自己的/通用的) git clone https://gitee.com/baron_zz/code_template.git 3、拷贝native_c_template命名为mbedtls_test cp native_c_template mbedtls_test -r 4、将mbedtls 中的libary、include目录拷贝到mbe
基于C++中的openSSL库实现AES算法中CTRECBCBCCFBOFB这5种分组模式的加密和解密
05-31
好的,我会尽力回答你的问题。首先,需要注意的是,OpenSSL库提供了AES算法的实现,但是并没有提供5种分组模式的加密和解密的具体实现,需要我们自己编写代码实现。 以下是C++中使用OpenSSL库实现5种分组模式的AES算法加密和解密的示例代码,其中使用了ECB分组模式作为示例(其他分组模式的实现方法类似): ```c++ #include <openssl/aes.h> #include <iostream> #include <cstring> using namespace std; // ECB模式加密 int aes_ecb_encrypt(unsigned char *in, int in_len, unsigned char *out, unsigned char *key, int key_len) { AES_KEY aes_key; if (AES_set_encrypt_key(key, key_len * 8, &aes_key) < 0) { return -1; } int padding = AES_BLOCK_SIZE - in_len % AES_BLOCK_SIZE; int new_len = in_len + padding; unsigned char *padded_in = new unsigned char[new_len]; memcpy(padded_in, in, in_len); memset(padded_in + in_len, padding, padding); for (int i = 0; i < new_len; i += AES_BLOCK_SIZE) { AES_encrypt(padded_in + i, out + i, &aes_key); } delete[] padded_in; return new_len; } // ECB模式解密 int aes_ecb_decrypt(unsigned char *in, int in_len, unsigned char *out, unsigned char *key, int key_len) { AES_KEY aes_key; if (AES_set_decrypt_key(key, key_len * 8, &aes_key) < 0) { return -1; } for (int i = 0; i < in_len; i += AES_BLOCK_SIZE) { AES_decrypt(in + i, out + i, &aes_key); } int padding = out[in_len - 1]; return in_len - padding; } int main() { unsigned char in[] = "Hello World!"; unsigned char key[] = "1234567890123456"; int in_len = strlen((char *)in); int key_len = strlen((char *)key); int out_len = in_len + AES_BLOCK_SIZE; unsigned char *out = new unsigned char[out_len]; memset(out, 0, out_len); // ECB模式加密 int encrypt_len = aes_ecb_encrypt(in, in_len, out, key, key_len); cout << "ECB encrypt: "; for (int i = 0; i < encrypt_len; i++) { printf("%02x", out[i]); } cout << endl; // ECB模式解密 unsigned char *decrypt_out = new unsigned char[out_len]; memset(decrypt_out, 0, out_len); int decrypt_len = aes_ecb_decrypt(out, encrypt_len, decrypt_out, key, key_len); cout << "ECB decrypt: " << string((char *)decrypt_out, decrypt_len) << endl; delete[] out; delete[] decrypt_out; return 0; } ``` 以上代码中使用了OpenSSL库的AES函数进行加密和解密。其中,ECB模式加密的函数为`aes_ecb_encrypt`,解密的函数为`aes_ecb_decrypt`。这些函数的实现方式可以类比实现其他分组模式的加密和解密函数。 需要注意的是,这里的输入和输出数据均为字节数组,需要根据具体应用进行调整。 希望以上代码对你有所帮助!
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值