最近项目中需要通过C语言实现AES算法,这里我通过Mbedtls库来进行实现。
1、下载Mbedtls
首先我们将Mbedtls代码放入到工程中,相关传送门如下:
官方网址是国外的下载慢,所以也附上本文使用到的Mbedtls代码,传送门如下:
2、引入Mbedtls头文件
这里我们在工程中的CMakeLists.txt中引入Mbedtls的头文件,代码如下:
# for debug
# add_compile_options(-g)
project("device-authentication")
cmake_minimum_required(VERSION 3.5)
INCLUDE_DIRECTORIES(
../include/
../../src/net/mbedtls/include
../../src/smalgo/sms4/include
)
SET(my_src_crypto
../../src/net/mbedtls/library/aes.c
../../src/net/mbedtls/library/aesni.c
../../src/net/mbedtls/library/base64.c
../../src/net/mbedtls/library/rsa.c
../../src/net/mbedtls/library/rsa_internal.c
../../src/net/mbedtls/library/entropy.c
../../src/net/mbedtls/library/entropy_poll.c
../../src/net/mbedtls/library/bignum.c
../../src/net/mbedtls/library/sha1.c
../../src/net/mbedtls/library/sha256.c
../../src/net/mbedtls/library/sha512.c
../../src/net/mbedtls/library/md.c
../../src/net/mbedtls/library/md5.c
../../src/net/mbedtls/library/md_wrap.c
../../src/net/mbedtls/library/ripemd160.c
../../src/net/mbedtls/library/platform_util.c
../../src/net/mbedtls/library/oid.c
../../src/net/mbedtls/library/timing.c
../../src/net/mbedtls/library/net_sockets.c
../../src/smalgo/sms4/cbc128.c
../../src/smalgo/sms4/sms4_cbc.c
../../src/smalgo/sms4/sms4_common.c
../../src/smalgo/sms4/sms4_enc.c
../../src/smalgo/sms4/sms4_setkey.c
)
SET(my_src_crypto_dbg
../../src/net/mbedtls/library/ctr_drbg.c
)
SET(SRC_LIST_ENCRYPT_BIN
oem_porting.c
sdk_porting.c
authref.c
test.c
${my_src_crypto}
${my_src_crypto_dbg}
)
SET(SRC_LIST_DECRYPT_LIB
oem_porting.c
sdk_porting.c
authref.c
auth.c
${my_src_crypto}
${my_src_crypto_dbg}
)
#SET(SRC_LIST_AUTH_DEV
# oem_porting.c
# sdk_porting.c
# authref.c
# ${my_src_crypto}
# ${my_src_crypto_dbg}
#)
add_definitions(-fPIC)
#ADD_LIBRARY(authd STATIC ${SRC_LIST_AUTH_DEV})
ADD_LIBRARY(authoal STATIC ${SRC_LIST_DECRYPT_LIB})
ADD_EXECUTABLE(eaidkAuth ${SRC_LIST_ENCRYPT_BIN})
工程结构如下:
引入完成之后我们就可以开始AES代码编写。
3、AES代码编写
authref.h 头文件代码如下:
#ifndef __AUTHREF_H__
#define __AUTHREF_H__
#include <assert.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#undef DEBUG
#define AES_KEY_SIZE 48
#define AES_IV_LEN 16
#ifdef __cplusplus
extern "C" {
#endif
// aes加密
// aes_key -- 最长48字节
// iv -- 最长16字节
// plaintext -- 待加密文本
// ciphertext -- 加密得到的文本
// len -- len should be 16*N bytes
// return – 0 for ok, else for error
int aes_cbc_encryp(uint8_t *aes_key, uint8_t *iv, uint8_t *plaintext, uint8_t *ciphertext, uint32_t len);
// aes解密
// aes_key -- 最长48字节
// iv -- 最长16字节
// ciphertext -- 待解密的文本
// plaintext -- 解密好的文本
// len -- len should be 16*N bytes
// return – 0 for ok, else for error
int aes_cbc_decryp(uint8_t *aes_key, uint8_t *iv, uint8_t *ciphertext, uint8_t *plaintext, uint32_t len);
#ifdef __cplusplus
}
#endif
#endif //__AUTHREF_H__
authref.c 代码如下:
#include "authref.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/aes.h"
//len should be 16*N bytes
int aes_cbc_encryp(uint8_t *aes_key, uint8_t *iv, uint8_t *plaintext, uint8_t *ciphertext, uint32_t len) {
int i;
int blk = (len + 15) >> 4;
mbedtls_aes_context aes_ctx;
mbedtls_aes_init(&aes_ctx);
//setkey_dec
mbedtls_aes_setkey_enc(&aes_ctx, aes_key, 256);
for (i = 0; i < blk; ++i) {
mbedtls_aes_crypt_cbc(&aes_ctx, MBEDTLS_AES_ENCRYPT, 16, iv, plaintext + (i * 16), ciphertext + (i * 16));
}
mbedtls_aes_free(&aes_ctx);
return 0; //OK
}
//len should be 16*N bytes
int aes_cbc_decryp(uint8_t *aes_key, uint8_t *iv, uint8_t *ciphertext, uint8_t *plaintext, uint32_t len) {
int i;
int blk = (len + 15) >> 4;
mbedtls_aes_context aes_ctx;
mbedtls_aes_init(&aes_ctx);
//setkey_dec
mbedtls_aes_setkey_dec(&aes_ctx, aes_key, 256);
for (i = 0; i < blk; ++i) {
mbedtls_aes_crypt_cbc(&aes_ctx, MBEDTLS_AES_DECRYPT, 16, iv, ciphertext + (i * 16), plaintext + (i * 16));
}
mbedtls_aes_free(&aes_ctx);
return 0; //OK
}
AES加/解密伪代码如下:
ret = aes_cbc_encryp(&key, &iv, uuid, (uint8_t*)&data, 64);
ret = aes_cbc_decryp(&key, &iv, uuid, (uint8_t*)&data, 64);
到此AES加解密介绍完成。
