20.4 OpenSSL 套接字AES加密传输-编程知识

20.4 OpenSSL 套接字AES加密传输

在读者了解了加密算法的具体使用流程后，那么我们就可以使用这些加密算法对网络中的数据包进行加密处理，加密算法此处我们先采用AES算法，在网络通信中，只需要在发送数据之前对特定字符串进行加密处理，而在接收到数据后在使用相同的算法对数据进行恢复即可，读者如果有了套接字编程的基础，那么理解这段代码将变得很容易。

首先来看服务端代码片段，服务端在接受数据之前通过初始化aes_key变量设置一个加密密钥，在收到recv()数据后，直接调用AES函数实现解密，当解密完成后则直接输出原始字符串。

#include <iostream>
#include <winsock2.h>
#include <WS2tcpip.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/aes.h>
#include <openssl/crypto.h>extern "C"
{
#include <openssl/applink.c>
}#pragma comment(lib,"ws2_32.lib")
#pragma comment(lib,"libssl_static.lib")
#pragma comment(lib,"libcrypto.lib")// AES加密与解密
void AES(unsigned char* InBuff, unsigned char* OutBuff, unsigned char* key, char* Type)
{if (strcmp(Type, "encode") == 0){AES_KEY AESEncryptKey;AES_set_encrypt_key(key, 256, &AESEncryptKey);AES_encrypt(InBuff, OutBuff, &AESEncryptKey);}else if (strcmp(Type, "decode") == 0){AES_KEY AESDecryptKey;AES_set_decrypt_key(key, 256, &AESDecryptKey);AES_decrypt(InBuff, OutBuff, &AESDecryptKey);}
}int main(int argc, char* argv[])
{WSADATA WSAData;WSAStartup(MAKEWORD(2, 0), &WSAData);SOCKET server_socket;server_socket = socket(AF_INET, SOCK_STREAM, 0);struct sockaddr_in ServerAddr;ServerAddr.sin_family = AF_INET;ServerAddr.sin_port = htons(9999);ServerAddr.sin_addr.s_addr = inet_addr("127.0.0.1");bind(server_socket, (LPSOCKADDR)&ServerAddr, sizeof(ServerAddr));listen(server_socket, 10);SOCKET message_socket;if ((message_socket = accept(server_socket, (LPSOCKADDR)0, (int*)0)) != INVALID_SOCKET){// 生成AES密钥unsigned char aes_key[32] = { 0x11,0x22,0x33,0x44 };// 使用RSA私钥加密AES的密钥,并发给客户端char* encrypt = nullptr;int encrypt_length = 0;// 接收客户端发来的AES数据,解密输出unsigned char Buffer[1024] = {0};unsigned char DecodeBuf[1024] = { 0 };recv(message_socket, (char *)Buffer, 1024, 0);std::cout << "接收加密长度: " << strlen((char *)Buffer) << std::endl;AES(Buffer, DecodeBuf, aes_key, (char*)"decode");std::cout << "解密内容: " << DecodeBuf << std::endl;}closesocket(server_socket);WSACleanup();system("pause");return 0;
}

接着是客户端代码，如下所示，首先设置aes_key密钥对，此处需要保持服务端与客户端密钥的一致性，在发送数据之前先调用AES算法对字符串进行加密处理，接着在调用send函数将加密后的字节序传输到服务器端。

#include <iostream>
#include <winsock2.h>
#include <WS2tcpip.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/aes.h>
#include <openssl/crypto.h>extern "C"
{
#include <openssl/applink.c>
}#pragma comment(lib,"ws2_32.lib")
#pragma comment(lib,"libssl_static.lib")
#pragma comment(lib,"libcrypto.lib")// AES 加密与解密
void AES(unsigned char* InBuff, unsigned char* OutBuff, unsigned char* key, char* Type)
{if (strcmp(Type, "encode") == 0){AES_KEY AESEncryptKey;AES_set_encrypt_key(key, 256, &AESEncryptKey);AES_encrypt(InBuff, OutBuff, &AESEncryptKey);}else if (strcmp(Type, "decode") == 0){AES_KEY AESDecryptKey;AES_set_decrypt_key(key, 256, &AESDecryptKey);AES_decrypt(InBuff, OutBuff, &AESDecryptKey);}
}int main(int argc, char* argv[])
{WSADATA WSAData;WSAStartup(MAKEWORD(2, 0), &WSAData);SOCKET client_socket;client_socket = socket(AF_INET, SOCK_STREAM, 0);struct sockaddr_in ClientAddr;ClientAddr.sin_family = AF_INET;ClientAddr.sin_port = htons(9999);ClientAddr.sin_addr.s_addr = inet_addr("127.0.0.1");if (connect(client_socket, (LPSOCKADDR)&ClientAddr, sizeof(ClientAddr)) != SOCKET_ERROR){unsigned char aes_key[32] = { 0x11,0x22,0x33,0x44 };// 使用AES加密数据,并发送给服务端char Buffer[1024] = "hello lyshark";unsigned char EncodeBuf[1024] = { 0 };AES((unsigned char *)Buffer, EncodeBuf, aes_key, (char*)"encode");std::cout << "发送加密长度: " << strlen((char *)EncodeBuf) << std::endl;send(client_socket, (char *)EncodeBuf, 1024, 0);closesocket(client_socket);WSACleanup();}system("pause");return 0;
}