20.4 OpenSSL 套接字AES加密传输

在读者了解了加密算法的具体使用流程后,那么我们就可以使用这些加密算法对网络中的数据包进行加密处理,加密算法此处我们先采用AES算法,在网络通信中,只需要在发送数据之前对特定字符串进行加密处理,而在接收到数据后在使用相同的算法对数据进行恢复即可,读者如果有了套接字编程的基础,那么理解这段代码将变得很容易。

首先来看服务端代码片段,服务端在接受数据之前通过初始化aes_key变量设置一个加密密钥,在收到recv()数据后,直接调用AES函数实现解密,当解密完成后则直接输出原始字符串。

#include <iostream>
#include <winsock2.h>
#include <WS2tcpip.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/aes.h>
#include <openssl/crypto.h>

extern "C"
{
#include <openssl/applink.c>
}

#pragma comment(lib,"ws2_32.lib")
#pragma comment(lib,"libssl_static.lib")
#pragma comment(lib,"libcrypto.lib")

// AES加密与解密
void AES(unsigned char* InBuff, unsigned char* OutBuff, unsigned char* key, char* Type)
{
if (strcmp(Type, "encode") == 0)
{
AES_KEY AESEncryptKey;
AES_set_encrypt_key(key, 256, &AESEncryptKey);
AES_encrypt(InBuff, OutBuff, &AESEncryptKey);
}
else if (strcmp(Type, "decode") == 0)
{
AES_KEY AESDecryptKey;
AES_set_decrypt_key(key, 256, &AESDecryptKey);
AES_decrypt(InBuff, OutBuff, &AESDecryptKey);
}
}

int main(int argc, char* argv[])
{
WSADATA WSAData;
WSAStartup(MAKEWORD(2, 0), &WSAData);

SOCKET server_socket;
server_socket = socket(AF_INET, SOCK_STREAM, 0);

struct sockaddr_in ServerAddr;
ServerAddr.sin_family = AF_INET;
ServerAddr.sin_port = htons(9999);
ServerAddr.sin_addr.s_addr = inet_addr("127.0.0.1");

bind(server_socket, (LPSOCKADDR)&ServerAddr, sizeof(ServerAddr));
listen(server_socket, 10);

SOCKET message_socket;
if ((message_socket = accept(server_socket, (LPSOCKADDR)0, (int*)0)) != INVALID_SOCKET)
{
// 生成AES密钥
unsigned char aes_key[32] = { 0x11,0x22,0x33,0x44 };

// 使用RSA私钥加密AES的密钥,并发给客户端
char* encrypt = nullptr;
int encrypt_length = 0;

// 接收客户端发来的AES数据,解密输出
unsigned char Buffer[1024] = {0};
unsigned char DecodeBuf[1024] = { 0 };

recv(message_socket, (char *)Buffer, 1024, 0);
std::cout << "接收加密长度: " << strlen((char *)Buffer) << std::endl;

AES(Buffer, DecodeBuf, aes_key, (char*)"decode");
std::cout << "解密内容: " << DecodeBuf << std::endl;

}
closesocket(server_socket);
WSACleanup();

system("pause");
return 0;
}

接着是客户端代码,如下所示,首先设置aes_key密钥对,此处需要保持服务端与客户端密钥的一致性,在发送数据之前先调用AES算法对字符串进行加密处理,接着在调用send函数将加密后的字节序传输到服务器端。

#include <iostream>
#include <winsock2.h>
#include <WS2tcpip.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/aes.h>
#include <openssl/crypto.h>

extern "C"
{
#include <openssl/applink.c>
}

#pragma comment(lib,"ws2_32.lib")
#pragma comment(lib,"libssl_static.lib")
#pragma comment(lib,"libcrypto.lib")

// AES 加密与解密
void AES(unsigned char* InBuff, unsigned char* OutBuff, unsigned char* key, char* Type)
{
if (strcmp(Type, "encode") == 0)
{
AES_KEY AESEncryptKey;
AES_set_encrypt_key(key, 256, &AESEncryptKey);
AES_encrypt(InBuff, OutBuff, &AESEncryptKey);
}
else if (strcmp(Type, "decode") == 0)
{
AES_KEY AESDecryptKey;
AES_set_decrypt_key(key, 256, &AESDecryptKey);
AES_decrypt(InBuff, OutBuff, &AESDecryptKey);
}
}

int main(int argc, char* argv[])
{
WSADATA WSAData;
WSAStartup(MAKEWORD(2, 0), &WSAData);
SOCKET client_socket;
client_socket = socket(AF_INET, SOCK_STREAM, 0);

struct sockaddr_in ClientAddr;
ClientAddr.sin_family = AF_INET;
ClientAddr.sin_port = htons(9999);
ClientAddr.sin_addr.s_addr = inet_addr("127.0.0.1");
if (connect(client_socket, (LPSOCKADDR)&ClientAddr, sizeof(ClientAddr)) != SOCKET_ERROR)
{
unsigned char aes_key[32] = { 0x11,0x22,0x33,0x44 };

// 使用AES加密数据,并发送给服务端
char Buffer[1024] = "hello lyshark";
unsigned char EncodeBuf[1024] = { 0 };

AES((unsigned char *)Buffer, EncodeBuf, aes_key, (char*)"encode");
std::cout << "发送加密长度: " << strlen((char *)EncodeBuf) << std::endl;
send(client_socket, (char *)EncodeBuf, 1024, 0);

closesocket(client_socket);
WSACleanup();
}

system("pause");
return 0;
}

读者可自行编译上方代码,首先运行服务端然后再运行客户端,至此数据会被加密传输到对端,并使用相同的方式解密,如下图所示;