调用openssl实现加解密算法

        由于工作中涉及到加解密，包括Hash（SHA256）算法、HMAC_SHA256 算法、ECDH算法、ECC签名算法、AES/CBC 128算法一共涉及5类算法，笔者通过查询发现openssl库以上算法都支持，索性借助openssl库实现上述5类算法。笔者用的openssl库版本为 OpenSSL 1.1.1k 。

Hash(SHA256)算法

算法代码如下：

#include <openssl/sha.h>
#include <iostream>
#include <iomanip>
#include <sstream>
#include <vector>// 将字节数组转换为十六进制字符串
// 将字节数组转换为十六进制字符串
std::string bytesToHex(const unsigned char* bytes, size_t length) {std::stringstream ss;ss << std::hex << std::setfill('0');for (size_t i = 0; i < length; ++i) {ss << std::setw(2) << (int)bytes[i];}return ss.str();
}int main() {// 原数据const std::string data = "6572B36A91E28FB900134C3010C445437DC04D04";// 创建一个SHA256上下文SHA256_CTX sha256;SHA256_Init(&sha256);// 更新上下文以包含要哈希的数据SHA256_Update(&sha256, data.c_str(), data.size());// 计算哈希值unsigned char hash[SHA256_DIGEST_LENGTH];SHA256_Final(hash, &sha256);// 将哈希值转换为十六进制字符串并输出std::string hashHex = bytesToHex(hash, SHA256_DIGEST_LENGTH);std::cout << "SHA256 hash: " << hashHex << std::endl;return 0;
}

运行结果如下：

HMAC_SHA256 算法

 算法代码如下：

#include <openssl/hmac.h>
#include <iostream>
#include <iomanip>
#include <sstream>
#include <cstring>// 将字节数组转换为十六进制字符串
std::string bytesToHex(const unsigned char* bytes, size_t length) {std::stringstream ss;ss << std::hex << std::setfill('0');for (size_t i = 0; i < length; ++i) {ss << std::setw(2) << (int)bytes[i];}return ss.str();
}int main() {// 要进行HMAC的数据const std::string data = "374D34303534424E39323330351000FFFFFFFFFF";// HMAC的密钥const std::string key = "c0df3585876ac6bb02bf6347b3654993";// 输出缓冲区unsigned char* hmacResult = new unsigned char[EVP_MAX_MD_SIZE];unsigned int hmacLen = 0;// 使用HMAC_SHA256进行计算HMAC_CTX* hmacCtx = HMAC_CTX_new();HMAC_Init_ex(hmacCtx, key.data(), key.size(), EVP_sha256(), NULL);HMAC_Update(hmacCtx, (unsigned char*)data.data(), data.size());HMAC_Final(hmacCtx, hmacResult, &hmacLen);// 将HMAC结果转换为十六进制字符串并输出std::string hmacHex = bytesToHex(hmacResult, hmacLen);std::cout << "HMAC_SHA256: " << hmacHex << std::endl;// 清理资源HMAC_CTX_free(hmacCtx);delete[] hmacResult;return 0;
}

 执行结果如下：

 ECDH算法

        这个算法没有找到网页端的在线工具验证，但是笔者根据我们这次给的案例验证如下：

笔者感觉上述给的最终生成的会话秘钥应该有问题，生成的会话秘钥应该是256bit。

算法代码如下：

#include <openssl/ec.h>
#include <openssl/bn.h>
#include <openssl/pem.h>
#include <iostream>
#include <iomanip>
#include <sstream>using namespace std;// 辅助函数，用于将十六进制字符串转换为 BIGNUM
BIGNUM* hex_to_BN(const std::string& hex) {BIGNUM* bn = BN_new();if (!BN_hex2bn(&bn, hex.c_str())) {BN_free(bn);throw std::runtime_error("Failed to convert hex to BIGNUM");}return bn;
}// 辅助函数，用于打印会话密钥
void print_session_key(const unsigned char* key, size_t key_len) {std::stringstream ss;ss << "Session Key: ";for (size_t i = 0; i < key_len; ++i) {ss << std::hex << std::setw(2) << std::setfill('0') << (int)key[i];}std::cout << ss.str() << std::endl;
}int main() {// 私钥十六进制串std::string privateKeyHex = "5904507894591f4b39308a51d5e2e25566a66366b1d6d952fba17de3af19235f";// 对端公钥十六进制串std::string publicKeyHex = "04fef2f1a2a0df9f75cda6e36268b7f62749cae378b7a5b9f311add58beaeadf3e49e41ac2acede766a21feaf354119f70ec3587f1054a1286ba08a1d866ef40ed";// 创建 EC_KEY 对象，使用 secp256r1 曲线EC_KEY* eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);if (!eckey) {std::cerr << "Error creating EC key with secp256r1 curve" << std::endl;return 1;}// 设置私钥BIGNUM* privateKeyBN = hex_to_BN(privateKeyHex);if (!EC_KEY_set_private_key(eckey, privateKeyBN)) {std::cerr << "Error setting private key" << std::endl;BN_free(privateKeyBN);EC_KEY_free(eckey);return 1;}BN_free(privateKeyBN); // EC_KEY_set_private_key 会复制 BN，所以可以安全释放// 解析对端公钥const EC_GROUP* group = EC_KEY_get0_group(eckey);EC_POINT* pubKeyPoint = EC_POINT_new(group);if (!EC_POINT_hex2point(group, publicKeyHex.c_str(), pubKeyPoint, NULL)) {std::cerr << "Error parsing public key" << std::endl;EC_POINT_free(pubKeyPoint);EC_KEY_free(eckey);return 1;}// 执行 ECDH 密钥交换unsigned char* session_key1 = (unsigned char*)OPENSSL_malloc(32);if (session_key1 == NULL) {std::cerr << "Error allocating memory for session keys" << std::endl;OPENSSL_free(session_key1);EC_KEY_free(eckey);return 1;}int ret = ECDH_compute_key(session_key1, 32, pubKeyPoint, eckey, NULL);if (ret < 0) {std::cerr << "Error computing shared secret" << std::endl;OPENSSL_free(session_key1);EC_POINT_free(pubKeyPoint);EC_KEY_free(eckey);return 1;}// 将共享密钥转换为十六进制字符串并打印print_session_key(session_key1, 32);// 清理资源OPENSSL_free(session_key1);EC_POINT_free(pubKeyPoint);EC_KEY_free(eckey);return 0;
}

执行结果为：

 ECC签名算法

算法代码如下：

#include <openssl/ec.h>
#include <openssl/ecdsa.h>
#include <openssl/obj_mac.h>
#include <openssl/sha.h>
#include <openssl/evp.h>
#include <openssl/bn.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include <iostream>
#include <vector>
#include <cstring>// 将十六进制字符串转换为字节数组
std::vector<unsigned char> hex2bytes(const std::string& hex) {std::vector<unsigned char> bytes;for (size_t i = 0; i < hex.length(); i += 2) {std::string byteString = hex.substr(i, 2);unsigned char byte = (unsigned char) strtol(byteString.c_str(), nullptr, 16);bytes.push_back(byte);}return bytes;
}// 验证ECDSA签名
bool verify_ecdsa_signature(const std::string& public_key_hex, const std::string& data_hex, const std::string& signature_hex) {// 将十六进制字符串转换为字节数组std::vector<unsigned char> public_key_bytes = hex2bytes(public_key_hex);std::vector<unsigned char> data_bytes = hex2bytes(data_hex);std::vector<unsigned char> signature_bytes = hex2bytes(signature_hex);// 创建EC_KEY对象EC_KEY* ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);if (!ec_key) {std::cerr << "Failed to create EC_KEY" << std::endl;return false;}// 从字节数组中解析公钥const unsigned char* p = public_key_bytes.data();ec_key = o2i_ECPublicKey(&ec_key, &p, public_key_bytes.size());if (!ec_key) {std::cerr << "Failed to parse public key" << std::endl;EC_KEY_free(ec_key);return false;}// 计算数据的哈希值（假设使用SHA-256）unsigned char hash[SHA256_DIGEST_LENGTH];SHA256_CTX sha256;SHA256_Init(&sha256);SHA256_Update(&sha256, data_bytes.data(), data_bytes.size());SHA256_Final(hash, &sha256);// 验证签名ECDSA_SIG* ec_sig = ECDSA_SIG_new();const unsigned char* sig = signature_bytes.data();ec_sig = d2i_ECDSA_SIG(&ec_sig, &sig, signature_bytes.size());if (!ec_sig) {std::cerr << "Failed to parse signature" << std::endl;EC_KEY_free(ec_key);return false;}int verify_result = ECDSA_do_verify(hash, SHA256_DIGEST_LENGTH, ec_sig, ec_key);if (verify_result != 1) {std::cerr << "Signature verification failed" << std::endl;ECDSA_SIG_free(ec_sig);EC_KEY_free(ec_key);return false;}// 释放资源ECDSA_SIG_free(ec_sig);EC_KEY_free(ec_key);return true;
}int main() {// 公钥、数据和签名的十六进制字符串std::string public_key_hex = "0467BF4978CB114972AE0AF84E22FD4099D1FF045F88830C41D9AC5CC4B4EBA17F8D1AB65884368BD47E1EF8A28A33EEE92BB6409AFB5217E0F120866B85913E0B";std::string data_hex = "03";std::string signature_hex = "3044022023FAE603D8A64BF004DCC56BCFD904F2E2E4AFCBD9DDF1F2C6F4EE1A4D7A1F3C0220708D8D63FBCD6BCA61B8827280F628074759C77104952307DD9C407F5B0B2C2D";// 验证签名bool is_valid = verify_ecdsa_signature(public_key_hex, data_hex, signature_hex);if (is_valid) {std::cout << "Signature is valid" << std::endl;} else {std::cout << "Signature is invalid" << std::endl;}return 0;
}

执行结果如下：

AES/CBC128算法 

 算法代码如下：

#include <openssl/aes.h>
#include <iostream>
#include <cstring>// 假设你的数据长度总是16字节的倍数
void aes_cbc_128_encrypt_nopadding(const unsigned char* key, unsigned char* iv,const unsigned char* input, unsigned char* output, size_t length) {AES_KEY aesKey;AES_set_encrypt_key(key, 256, &aesKey); // 设置256位AES加密密钥// 由于我们假设输入数据长度是16字节的倍数，我们可以直接加密for (size_t i = 0; i < length; i += AES_BLOCK_SIZE) {AES_cbc_encrypt(input + i, output + i, AES_BLOCK_SIZE, &aesKey, iv, AES_ENCRYPT);// 更新IV，对于CBC模式，每个块的IV是上一个块的密文std::memcpy(iv, output + i, AES_BLOCK_SIZE);}
}// 解密函数，使用256位AES密钥和CBC模式
void aes_cbc_128_decrypt_nopadding(const unsigned char* key, const unsigned char* iv,const unsigned char* input, unsigned char* output, size_t length) {AES_KEY aesKey;AES_set_decrypt_key(key, 256, &aesKey);// 在CBC模式下，解密时需要一个临时的IV，因为它会在解密过程中被更新unsigned char temp_iv[AES_BLOCK_SIZE];std::memcpy(temp_iv, iv, AES_BLOCK_SIZE);for (size_t i = 0; i < length; i += AES_BLOCK_SIZE) {AES_cbc_encrypt(input + i, output + i, AES_BLOCK_SIZE, &aesKey, temp_iv, AES_DECRYPT);// 更新临时IV为下一个块的密文（实际上是上一个块的明文）std::memcpy(temp_iv, input + i, AES_BLOCK_SIZE);}
}// 将十六进制字符串转换为字节数组
std::string hex2str(const std::string& hex) {std::string retStr;for (size_t i = 0; i < hex.length(); i += 2) {std::string byteString = hex.substr(i, 2);unsigned char byte = (unsigned char) strtol(byteString.c_str(), nullptr, 16);retStr += byte;}return retStr;
}int main() {// 256位（32字节）的AES密钥const std::string keyhex = "c5ba9981452fa728a10794730919aaa747ca54df2f21fab685bbd0fdb53f05fb";const std::string keystr = hex2str(keyhex);// 初始化向量（IV），需要与密钥长度相同，即16字节unsigned char iv[AES_BLOCK_SIZE] = {0x00};// 要加密的数据（确保长度是16字节的倍数）const std::string plaintexthex = "313131313131313131313131313131313232323232323232323232323232323230450221009F9B7BC16546FDFA85866AFE2761FAF6C1B018C99E6B7C6339FF47BA126E01990220558339565F469C3AD4EBA77AEE5C22C7C464449D6395FBC1158F1B589569336980000000000000000000000000000000000000000000000000";const std::string plaintext = hex2str(plaintexthex); // 正好是16字节unsigned char input[plaintext.size()], key[2 * AES_BLOCK_SIZE];std::copy(plaintext.begin(), plaintext.end(), input);std::copy(keystr.begin(), keystr.end(), key);// 输出缓冲区unsigned char output[plaintext.size()];unsigned char in2put[plaintext.size()];// 调用加密函数aes_cbc_128_encrypt_nopadding(key, iv, input, output, plaintext.size());// 输出加密后的数据（以十六进制形式）std::cout << "加密数据 ：";for (size_t i = 0; i < plaintext.size(); ++i) {printf("%02x", output[i]);}std::cout << std::endl;memset(iv, 0, AES_BLOCK_SIZE);// 调用解密函数aes_cbc_128_decrypt_nopadding(key, iv, output, in2put, plaintext.size());// 输出加密后的数据（以十六进制形式）std::cout << "解密数据 ：";for (size_t i = 0; i < plaintext.size(); ++i) {printf("%02x", in2put[i]);}std::cout << std::endl;return 0;
}

执行结果如下：