EVP mainly encapsulates the following functions:
1) has realized BASE64 codec BIO;;
2) Realizing the encryption and decryption of biological information; ;
3) realizing abstract creatures; ;
4) Reliable IO is realized;
5) encapsulation summarization algorithm;
6) package symmetric encryption and decryption algorithm;
7) The encryption (public key), decryption (private key), signature and verification and auxiliary functions of the asymmetric key are encapsulated;
8) Password-based encryption (PBE);
9) symmetric key processing;
10) Digital envelope: A digital envelope uses the other party's public key to encrypt a symmetric key, and uses this symmetric key to encrypt data. When sent to the other party, the symmetric key ciphertext and the data ciphertext are sent at the same time. The receiver first decrypts the key ciphertext with its own private key to obtain a symmetric key, and then decrypts the data with it.
1 1) Other auxiliary functions.
This article assumes that you have installed OpenSSL and have a copy of the source code of 1. 1. 1
The header files related to EVP are in evp.h, and the source files are in crypto/evp directory.
Because the function of EVP is too powerful, and my energy and level are limited, I only extract and explain some functions for the time being.
This structure defines the abstract method of summarization algorithm. Main field meaning:
Type NID of abstract algorithm.
PKEY _ TYPE- Key NID related to summarization algorithm.
MD _ size- Output size of summary value.
Flag-internal sign.
Init- Initializes the function.
Update-Enter the calculation function.
Final output calculation function.
Copy-Summary operation context copy function.
Cleanup-Summary operation context cleanup function.
Block _ size- grouping size of summary operation.
CTX size-Aggregate operation packet buffer size.
MD _ CTRL- Summarize the operation instruction control function.
The supported summarization algorithms include:
const EVP _ MD * EVP _ MD5(void);
const EVP _ MD * EVP _ sha 1(void);
const EVP _ MD * EVP _ sha 256(void);
const EVP _ MD * EVP _ sha 5 12(void);
Taking EVP_md5 () as an example, the return value is:
The following functions query the attribute information of md:
Sometimes we are not familiar with the summary algorithm used, and these functions are very helpful.
EVP _ MD _ CTX * EVP _ MD _ CTX _ new (void);
void EVP _ MD _ CTX _ free(EVP _ MD _ CTX * CTX);
These two functions are used to create and release symmetric summary context objects.
int EVP _ DigestInit(EVP _ MD _ CTX * CTX,const EVP _ MD * type);
The abstract context is initialized, and type is an abstract collection of abstract algorithms.
1 returned successfully, and 0 failed.
int EVP _ digest update(EVP _ MD _ CTX * CTX,const void *d,size _ t CNT);
Enter a piece of data in the sponge structure calculated in the summary.
1 returned successfully, and 0 failed.
int EVP _ digest final(EVP _ MD _ CTX * CTX,unsigned char *md,unsigned int * s);
Generate the final summary, and output the summary value and length.
1 returned successfully, and 0 failed.
int EVP_Digest(const void *data,size_t count,unsigned char *md,unsigned int *size,const EVP_MD *type,ENGINE * impl);
Calculate the summary of a short piece of data by a one-time method of packaging.
1 returned successfully, and 0 failed.
Structure evp_cipher_st {
int nid
int block _ size
/* Default value of variable-length password/
int key _ len
int iv _ len
/Various signs/
Unsigned long sign;
/init key/
Int (init) (EVP_CIPHER_CTX *ctx, const unsigned char *key,
Const unsigned char iv, intenc);
/Encrypt/decrypt data/
Int (do _ cipher) (EVP _ cipher _ CTX * CTX, unsigned char *out,
Const unsigned char in, size _ tinl);
/ cleanup ctx /
int(clean up)(EVP _ CIPHER _ CTX);
/How big is CTX-& gt;; Cipher_data needs to be/
int ctx _ size
/fill ASN 1_TYPE with parameter/
int(set _ ASN 1 _ parameters)(EVP _ CIPHER _ CTX *,ASN 1 _ TYPE);
/get parameters from ASN 1_TYPE/
int(get _ ASN 1 _ parameters)(EVP _ CIPHER _ CTX *,ASN 1 _ TYPE);
/Miscellaneous operations/
int ( ctrl) (EVP_CIPHER_CTX *,int type,int arg,void ptr);
/Application data */
void app _ data
}/EVP _ CIPHER */;
typedef struct EVP _ CIPHER _ ST EVP _ CIPHER;
This structure defines the abstract method of symmetric encryption algorithm. Main field meaning:
NID-NID of encryption algorithm.
Block _ size- packet size.
Key _ len- key length.
Iv _ len- initial vector length.
Flag-internal sign.
Init- Initializes the function.
Do _ cipher- intermediate operation function.
Cleaning-the last operation function.
CTX size-Context size.
Ctrl- controls the function.
App _ data- application data.
Supported cryptographic abstract encryption and decryption algorithms include:
const EVP _ CIPHER * EVP _ des _ ECB(void);
const EVP _ CIPHER * EVP _ des _ ede 3(void);
const EVP _ CIPHER * EVP _ AES _ 128 _ ECB(void);
const EVP _ CIPHER * EVP _ AES _ 128 _ CBC(void);
The following function queries the attribute information of the password:
int EVP _ CIPHER _ NID(const EVP _ CIPHER * CIPHER);
int EVP _ CIPHER _ type(const EVP _ CIPHER * CTX);
# define EVP _ cipher _ name (e) obj _ nid2sn (EVP _ cipher _ NID (e))
int EVP _ CIPHER _ block _ size(const EVP _ CIPHER * CIPHER);
Int EVP_CIPHER_key_length (constant EVP _ cipher * cipher);
int EVP _ CIPHER _ iv _ length(const EVP _ CIPHER * CIPHER);
Sometimes we are not familiar with the encryption algorithm used, and these functions are very helpful.
EVP _ CIPHER _ CTX * EVP _ CIPHER _ CTX _ new(void);
void EVP _ CIPHER _ CTX _ free(EVP _ CIPHER _ CTX * c);
These two functions are used to create and release symmetric encryption and decryption context objects.
int EVP _ CIPHER _ CTX _ set _ key _ length(EVP _ CIPHER _ CTX * x,int key len);
When the key length of symmetric algorithm is variable, set the key length of symmetric algorithm.
1 returned successfully, and 0 failed.
int EVP _ CIPHER _ CTX _ set _ padding(EVP _ CIPHER _ CTX * c,int pad);
Setting the filling of symmetric algorithm sometimes involves filling.
The values of Pad are 0 and 1. When pad is 1, padding is used. The default filling strategy adopts PKCS5 specification, that is, when the last packet is filled with n bytes, its filling value is n.
1 returned successfully, and 0 failed.
int EVP _ encrypt init(EVP _ CIPHER _ CTX * CTX,const EVP_CIPHER *cipher,const unsigned char *key,const unsigned char * iv);
Initializes a symmetric encryption context.
Adding 1 succeeded, and returning 0 if it failed.
int EVP _ encrypt update(EVP _ CIPHER _ CTX * CTX,unsigned char *out,int *outl,const unsigned char *in,int inl);
Encrypt plaintext.
Adding 1 succeeded, and returning 0 if it failed. On success, outl outputs the ciphertext length.
int EVP _ encrypt final(EVP _ CIPHER _ CTX * CTX,unsigned char *out,int * outl);
Encrypt the rest of the plaintext.
Adding 1 succeeded, and returning 0 if it failed. On success, outl outputs the ciphertext length.
int EVP _ decrypt init(EVP _ CIPHER _ CTX * CTX,const EVP_CIPHER *cipher,const unsigned char *key,const unsigned char * iv);
Initializes a symmetric decryption context.
Adding 1 succeeded, and returning 0 if it failed.
int EVP _ decrypt update(EVP _ CIPHER _ CTX * CTX,unsigned char *out,int *outl,const unsigned char *in,int inl);
Decrypt the ciphertext.
Adding 1 succeeded, and returning 0 if it failed. If successful, outl outputs plaintext length.
int EVP _ decrypt final(EVP _ CIPHER _ CTX * CTX,unsigned char *outm,int * outl);
Decrypt the remaining ciphertext.
Adding 1 succeeded, and returning 0 if it failed. If successful, outl outputs plaintext length.
int EVP _ BytesToKey(const EVP _ CIPHER * type,const EVP_MD *md,
Const unsigned char *salt,
Const unsigned char *data, int datal, int count
unsigned char *key,unsigned char * iv);
Calculate the key function, which calculates a symmetric key and initialization vector iv according to the algorithm type, abstract algorithm, salt and input data. Length of additional key.
This function is used in the PEM_do_header () function to generate the key according to the password.
This structure defines the storage container of asymmetric key information. Main field meaning:
Type NID of asymmetric encryption algorithm.
Save _ type- the saved PKEY type.
PKEY- Saved PKEY pointer, such as RSA structure pointer.
EVP _ PKEY * EVP _ PKEY _ new(void);
void EVP _ PKEY _ free(EVP _ PKEY * PKEY);
These two functions are used to create and release PKEY context objects.
int EVP _ PKEY _ assign(EVP _ PKEY * PKEY,int type,void * key);
Specifies the context structure of the algorithm type for the PKEY association. For example, the macro associated with RSA is defined as follows:
# define EVP_SignInit(a, b) EVP_DigestInit(a, b)
# define EVP_SignUpdate(a, b, c) EVP_DigestUpdate(a, b, c).
Intevp _ signfinal (EVP _ MD _ CTX * CTX, unsigned char *md, unsigned int *s,
EVP _ PKEY * PKEY);
Signature calculation. As can be seen from the macro definition, abstraction is actually calculation first, and then encryption with RSA private key.
Adding 1 succeeded, and returning 0 if it failed.
# define EVP _ verifiyinit (a, b) EVP_DigestInit(a, b)
# define EVP_VerifyUpdate(a, b, c) EVP_DigestUpdate(a, b, c).
int EVP _ verify final(EVP _ MD _ CTX * CTX,const unsigned char *sigbuf
unsigned int siglen,EVP _ PKEY * PKEY);
Check and sign the calculation results. As can be seen from the macro definition, the abstract is actually calculated first, then the signature is decrypted with RSA public key, and then compared with the abstract.
Adding 1 succeeded, and returning 0 if it failed.
The following example demonstrates the process of abstract calculation using two MD5 methods.
Output:
EVP_DigestInit() ret:[ 1]
EVP _ digest update()ret:[ 1]
EVP_DigestFinal() ret:[ 1]
e 380 e 88 e 8d 09 ebf 8d 8659 a 15b 0 ea 70 b 5
EVP_Digest() ret: 1
e 380 e 88 e 8d 09 ebf 8d 8659 a 15b 0 ea 70 b 5
The following example demonstrates the process of encryption and decryption using DES. For the convenience of program implementation, std::string is used as an exception.
Output:
EVP_EncryptInit() ret:[ 1]
EVP _ encrypt update()ret:[ 1]
Devil: [24]
EVP _ encrypt final()ret:[ 1]
nCipherLen:[8]
Password size: [32]
EVP_DecryptInit() ret:[ 1]
EVP _ decrypt update()ret:[ 1]
nTextLen:[24]
EVP _ decrypt final()ret:[ 1]
nTextLen:[2]
Text size: [26] Text: [abcdefghijklmnopqrstuvwxyz]
The following example demonstrates the process of RSA signature and signature verification calculation using SHA 1.
Output:
RSA _ generate _ key _ ex()ret:[ 1]
EVP _ PKEY _ assign _ RSA()ret:[ 1]
EVP_SignInit() ret:[ 1]
EVP_SignUpdate() ret:[ 1]
EVP_SignFinal() ret:[ 1]
sha 1 len:[64]
EVP_VerifyInit() ret:[ 1]
EVP _ verify update()ret:[ 1]
EVP_VerifyFinal() ret:[ 1]