代码示例：OpenSSL AES CBC 加密

初级代码游戏的专栏介绍与文章目录-CSDN博客

我的github：codetoys，所有代码都将会位于ctfc库中。已经放入库中我会指出在库中的位置。

这些代码大部分以Linux为目标但部分代码是纯C++的，可以在任何平台上使用。

---

这是一个基于OpenSSL的AES-CBC加密的例子，其中CBC是自行实现的，原因是OpenSSL的CBC始终有问题，可能是我还没做对吧。这个例程的目的是对配置数据加密，不用于对外交换，所以CBC有没写对我也不能担保------反正这个程序自己加密的自己解密是没问题的。

目录

[1 介绍](#1 介绍)

[2 代码概要](#2 代码概要)

[3 主要代码](#3 主要代码)

[4 辅助代码](#4 辅助代码)

[5 openSSL的AES用法](#5 openSSL的AES用法)

[5.1 设置KEY](#5.1 设置KEY)

[5.2 加密解密AES_encrypt/AES_decrypt](#5.2 加密解密AES_encrypt/AES_decrypt)

---

1 介绍

这个例程是基于CentOS7/8的，64位，OpenSSL大概是1.1，我也在windows上做了测试，代码可能需要修改，CBC的问题同样存在（所以我就放弃解决了，自己写了一个）。

使用OpenSSL需要头文件位置和库，如果头文件安装到标准位置则不需要-I参数，库是 -lssl -lcrypt

2 代码概要

//需要的OpenSSL的两个头文件
#include <openssl/aes.h>
#include <openssl/rand.h>

class CMyOpenSSL
{
private:
    //用来输出十六进制数据
	static void show_buf(char const* title, unsigned char const* buf, int len)
	{
		。。。。。。
	}
	//需要一个从用户密码生成密钥的函数
    //这个函数我没写，有标准算法从密码生成密钥，类似于对密码进行哈希
public:
    //这就是一般所说的"盐"
	class IV
	{
	private:
		unsigned char iv[AES_BLOCK_SIZE * 5];//其实不需要*5，但我原来就是这么写的，为了调试吧
	public:
		//执行异或
		static void XOR(unsigned char const * iv,unsigned char* data)
		{
			。。。。。。
		}
		//用随机数设置
		void Create()
		{
			。。。。。。
		}
    。。。。。。
	};
	//由于网上的例子也一样无法解密，所以自行实现CBC
	static void my_AES_cbc_encrypt(const unsigned char* in, unsigned char* out, size_t length, const AES_KEY* key, unsigned char* ivec, const int enc)
	{
		。。。。。。
	}
    //AES加密
	static int aes_encrypt(unsigned char const* userpasswd, int userpasswd_len, vector<unsigned char> const& in_plain, vector<unsigned char>& out_ciphertext, IV& iv)
	{
		。。。。。。
	}
    //AES解密
	static int aes_decrypt(unsigned char const* userpasswd, int userpasswd_len, vector<unsigned char> const& in_ciphertext, vector<unsigned char>& out_plain, IV& iv)
	{
		。。。。。。
	}
	//保护数据，用密码加密并做格式转换
	static bool protect_encode(CBuffer const& passwd, CBuffer const& input, CBuffer& output)
	{
		。。。。。。
	}
	//保护数据，用密码加密并做格式转换
	static bool protect_decode(CBuffer const& passwd, CBuffer const& input, CBuffer& output)
	{
		。。。。。。
	}
    //下面两个就是网上别人写的程序，一样得不到正确结果
	// a simple hex-print routine. could be modified to print 16 bytes-per-line
	static void hex_print(const void* pv, size_t len)
	{
		。。。。。。
	}

	// main entrypoint
	static int a()
	{
		。。。。。。
	}
    //测试代码
	static bool aes_test()
	{
		。。。。。。
	}
};

主要函数如下：

my_AES_cbc_encrypt 我自己写的AES-CBC加密和解密，调用了openSSL的AES_encrypt和AES_decrypt，想学习AES怎么用看看这个函数就可以了

aes_encrypt AES加密，调用了openSSL的AES_set_encrypt_key和我自己写的my_AES_cbc_encrypt，为了方便把明文长度作为第一个数据块

aes_decrypt AES解密，调用了openSSL的AES_set_decrypt_key和我自己写的my_AES_cbc_encrypt

protect_encode和protect_decode是我自己写的加密配置数据的方法，完全是自定义的

a 是网上找来的测试代码，证明AES-CBC确实有问题，不是我一个人的问题

3 主要代码

下面是主要代码，上面有一些注释是我临时加的，不在完整代码里面，还有一些辅助类后面列出。

#include <openssl/aes.h>
#include <openssl/rand.h>

class CMyOpenSSL
{
private:
	static unsigned char const ver;

	static void show_buf(char const* title, unsigned char const* buf, int len)
	{
		cout << title << " ";
		for (int i = 0; i < len; ++i)
		{
			cout << hex << setw(2) << setfill('0') << (unsigned int)buf[i] << " ";
		}
		cout << endl;
	}
	//需要一个从用户密码生成密钥的函数
public:
	class IV
	{
	private:
		unsigned char iv[AES_BLOCK_SIZE * 5];
	public:
		IV()
		{
			memset(iv, 0, AES_BLOCK_SIZE * 5);
		}
		//执行异或
		static void XOR(unsigned char const * iv,unsigned char* data)
		{
			//show_buf("IV  ", iv, AES_BLOCK_SIZE);
			//show_buf("DATA", data, AES_BLOCK_SIZE);
			for (int i = 0; i < AES_BLOCK_SIZE; ++i)
			{
				data[i] ^= iv[i];
			}
			//show_buf("DATA", data, AES_BLOCK_SIZE);
		}
		int size()const
		{
			return AES_BLOCK_SIZE;
		}
		//用随机数设置
		void Create()
		{
			time_t t = time(NULL);
			srand(t);
			for (int i = 0; i < AES_BLOCK_SIZE; i += sizeof(int))
			{
				int a = rand();
				memcpy(iv + i, &a, sizeof(int));
			}
		}
		void Set(unsigned char const* a)
		{
			memcpy(iv, a, AES_BLOCK_SIZE);
		}
		//注意，会修改内容
		unsigned char* Get()
		{
			//show_buf("", iv, AES_BLOCK_SIZE * 2);
			return iv;
		}
	};
	//由于网上的例子也一样无法解密，所以自行实现CBC
	static void my_AES_cbc_encrypt(const unsigned char* in, unsigned char* out, size_t length, const AES_KEY* key, unsigned char* ivec, const int enc)
	{
		for (int i = 0; i < length; i += AES_BLOCK_SIZE)
		{
			if (AES_ENCRYPT == enc)
			{
				unsigned char tmpin[AES_BLOCK_SIZE];
				memcpy(tmpin, in + i, AES_BLOCK_SIZE);
				IV::XOR(ivec, tmpin);
				AES_encrypt(tmpin, out + i, key);
				memcpy(ivec, out + i, AES_BLOCK_SIZE);
			}
			else
			{
				unsigned char tmpiv[AES_BLOCK_SIZE];
				memcpy(tmpiv, in + i, AES_BLOCK_SIZE);
				AES_decrypt(in + i, out + i, key);
				IV::XOR(ivec, out + i);
				memcpy(ivec, tmpiv, AES_BLOCK_SIZE);
			}
		}
	}
	static int aes_encrypt(unsigned char const* userpasswd, int userpasswd_len, vector<unsigned char> const& in_plain, vector<unsigned char>& out_ciphertext, IV& iv)
	{
		out_ciphertext.clear();
		unsigned char userkey[32];//必须是16/24/32
		memset((void*)userkey, '\0', 32);
		memcpy(userkey, userpasswd, (userpasswd_len > 32 ? 32 : userpasswd_len));
		/*设置加密key及密钥长度*/
		AES_KEY key;
		if (AES_set_encrypt_key(userkey, 32 * 8, &key) < 0)
		{
			return __LINE__;
		}

		int len = 0;
		/*循环加密，每次只能加密AES_BLOCK_SIZE长度的数据*/
		out_ciphertext.reserve(in_plain.size() + AES_BLOCK_SIZE);
		while (len < in_plain.size())
		{
			if (0 == len)
			{//第一个块是明文长度
				out_ciphertext.resize(out_ciphertext.size() + AES_BLOCK_SIZE);
				unsigned char tmp[AES_BLOCK_SIZE];
				memset((void*)tmp, '\0', AES_BLOCK_SIZE);
				long tmp_len = in_plain.size();
				memcpy(tmp, &tmp_len, sizeof(long));
				//show_buf("明文长度加密前 ", tmp, AES_BLOCK_SIZE);
				my_AES_cbc_encrypt(tmp, &out_ciphertext[out_ciphertext.size() - AES_BLOCK_SIZE], AES_BLOCK_SIZE, &key, iv.Get(), AES_ENCRYPT);
				//show_buf("明文长度加密后", &out_ciphertext[out_ciphertext.size() - AES_BLOCK_SIZE], AES_BLOCK_SIZE);
			}
			out_ciphertext.resize(out_ciphertext.size() + AES_BLOCK_SIZE);
			if (in_plain.size() - len < AES_BLOCK_SIZE)
			{
				unsigned char tmp[AES_BLOCK_SIZE];
				memset((void*)tmp, '\0', AES_BLOCK_SIZE);
				memcpy(tmp, &in_plain[len], in_plain.size() - len);
				my_AES_cbc_encrypt(tmp, &out_ciphertext[out_ciphertext.size() - AES_BLOCK_SIZE], AES_BLOCK_SIZE, &key, iv.Get(), AES_ENCRYPT);
			}
			else
			{
				my_AES_cbc_encrypt(&in_plain[len], &out_ciphertext[out_ciphertext.size() - AES_BLOCK_SIZE], AES_BLOCK_SIZE, &key, iv.Get(), AES_ENCRYPT);
			}
			len += AES_BLOCK_SIZE;
		}

		return 0;
	}
	static int aes_decrypt(unsigned char const* userpasswd, int userpasswd_len, vector<unsigned char> const& in_ciphertext, vector<unsigned char>& out_plain, IV& iv)
	{
		out_plain.clear();
		unsigned char userkey[32];//必须是16/24/32
		memset((void*)userkey, '\0', 32);
		memcpy(userkey, userpasswd, (userpasswd_len > 32 ? 32 : userpasswd_len));
		/*设置解密key及密钥长度*/
		AES_KEY key;
		if (AES_set_decrypt_key(userkey, 32 * 8, &key) < 0)
		{
			return __LINE__;
		}

		int len = 0;
		/*循环解密*/
		out_plain.reserve(in_ciphertext.size());
		long out_len = 0;//原始长度，放在第一个加密块
		while (len < in_ciphertext.size())
		{
			if (0 == len)
			{//第一个块是明文长度
				unsigned char tmp[AES_BLOCK_SIZE];
				//show_buf("明文长度解密前", &in_ciphertext[len], AES_BLOCK_SIZE);
				my_AES_cbc_encrypt(&in_ciphertext[len], tmp, AES_BLOCK_SIZE, &key, iv.Get(), AES_DECRYPT);
				//show_buf("明文长度解密后", tmp, AES_BLOCK_SIZE);
				memcpy(&out_len, tmp, sizeof(long));
				//thelog << "明文长度应该是 " << out_len << endi;
				len += AES_BLOCK_SIZE;
			}
			out_plain.resize(out_plain.size() + AES_BLOCK_SIZE);
			my_AES_cbc_encrypt(&in_ciphertext[len], &out_plain[out_plain.size() - AES_BLOCK_SIZE], AES_BLOCK_SIZE, &key, iv.Get(), AES_DECRYPT);
			len += AES_BLOCK_SIZE;
		}

		//恢复原始长度
		if (out_plain.size() > out_len)out_plain.resize(out_len);

		return 0;
	}
	//保护数据，用密码加密并做格式转换
	static bool protect_encode(CBuffer const& passwd, CBuffer const& input, CBuffer& output)
	{
		output.setSize(0);
		IV iv;
		iv.Create();

		CBuffer tmp;
		tmp.AddData(&ver, 1);//第一个字节是版本
		tmp.AddData(iv.Get(), iv.size());//然后是IV，必须在加密之前保存，加密之后会改变

		//加密
		vector<unsigned char> in_plain;
		in_plain.resize(input.size());
		memcpy(&in_plain[0], input.data(), input.size());
		vector<unsigned char> out_ciphertext;
		aes_encrypt(passwd.data(), passwd.size(), in_plain, out_ciphertext, iv);
		thelog << out_ciphertext.size() << endi;

		//添加加密后数据
		tmp.AddData(&out_ciphertext[0], out_ciphertext.size());
		thelog << tmp.size() << endi;

		output.reserve(tmp.size() * 4 / 3 + 4 + 1);//三字节转为4字节，编码函数在最后还会加上一个字符串结束符
		thelog << output.capacity() << " " << output.size() << endi;
		int n = CBase64::Base64Enc(output.lockBuffer(), tmp.data(), tmp.size());
		output.releaseBuffer();
		if (n > output.capacity())thelog << "长度不足" << ende;
		output.setSize(n);
		thelog << output.size() << " [" << output.data() << "]" << endi;

		return true;
	}
	//保护数据，用密码加密并做格式转换
	static bool protect_decode(CBuffer const& passwd, CBuffer const& input, CBuffer& output)
	{
		output.setSize(0);

		CBuffer tmp;
		//这里导致了奇怪的内存错误，实际并不需要这么长
		tmp.reserve(input.size() + 100);//实际需要的是4转3,解码函数最后会加上一个字符串结束符
		//thelog << input.size() << " " << tmp.capacity() << " " << tmp.size() << endi;
		int n = CBase64::Base64Dec(tmp.lockBuffer(), input.data(), input.size());
		tmp.releaseBuffer();
		if (n<0 || n > tmp.capacity())thelog << "长度不足" << ende;
		tmp.setSize(n);

		if (tmp.data()[0] != ver)
		{
			thelog << "加密版本错误" << ende;
			return false;
		}
		else
		{
			//thelog << "加密版本 " << (int)tmp.data()[0]<<" " << (int)ver << ende;
		}

		IV iv;
		iv.Set(tmp.data() + 1);

		vector<unsigned char> in_plain;
		in_plain.resize(tmp.size() - 1 - iv.size());
		memcpy(&in_plain[0], tmp.data() + 1 + iv.size(), tmp.size() - 1 - iv.size());
		//thelog << tmp.size() << " " << in_plain.size() << endi;
		vector<unsigned char> out_ciphertext;
		aes_decrypt(passwd.data(), passwd.size(), in_plain, out_ciphertext, iv);

		output.AddData(&out_ciphertext[0], out_ciphertext.size());

		return true;
	}
	// a simple hex-print routine. could be modified to print 16 bytes-per-line
	static void hex_print(const void* pv, size_t len)
	{
		const unsigned char* p = (const unsigned char*)pv;
		if (NULL == pv) {
			printf("NULL");
		}
		else {
			size_t i = 0;
			for (; i < len; ++i) {
				printf("%02X ", *p++);
			}
		}
		printf("\n");
	}

	// main entrypoint
	static int a()
	{
		int const keylength = 128;

		/* generate a key with a given length */
		unsigned char aes_key[keylength / 8];
		memset(aes_key, 0, keylength / 8);
		if (!RAND_bytes(aes_key, keylength / 8)) {
			exit(-1);
		}

		size_t const inputslength = 16;

		/* generate input with a given length */
		unsigned char aes_input[inputslength];
		memset(aes_input, 1, inputslength);

		/* init vector */
		unsigned char iv_enc[AES_BLOCK_SIZE], iv_dec[AES_BLOCK_SIZE];
		RAND_bytes(iv_enc, AES_BLOCK_SIZE);
		memcpy(iv_dec, iv_enc, AES_BLOCK_SIZE);

		// buffers for encryption and decryption
		const size_t encslength = ((inputslength + AES_BLOCK_SIZE) / AES_BLOCK_SIZE) * AES_BLOCK_SIZE;
		unsigned char enc_out[encslength];
		unsigned char dec_out[inputslength];
		memset(enc_out, 0, sizeof(enc_out));
		memset(dec_out, 0, sizeof(dec_out));

		// so i can do with this aes-cbc-128 aes-cbc-192 aes-cbc-256
		AES_KEY enc_key, dec_key;
		AES_set_encrypt_key(aes_key, keylength, &enc_key);
		AES_cbc_encrypt(aes_input, enc_out, inputslength, &enc_key, iv_enc, AES_ENCRYPT);

		AES_set_decrypt_key(aes_key, keylength, &dec_key);
		AES_cbc_encrypt(enc_out, dec_out, encslength, &dec_key, iv_dec, AES_DECRYPT);

		printf("original:\t");
		hex_print(aes_input, sizeof(aes_input));

		printf("encrypt:\t");
		hex_print(enc_out, sizeof(enc_out));

		printf("decrypt:\t");
		hex_print(dec_out, sizeof(dec_out));

		return 0;
	}
	static bool aes_test()
	{
		if (true)
		{
			unsigned char userkey[32];//必须是16/24/32
			memset((void*)userkey, '\0', 32);
			memcpy(userkey, "12345", 5);
			AES_KEY key;
			if (AES_set_encrypt_key(userkey, 16 * 8, &key) < 0)
			{
				return __LINE__;
			}
			unsigned char iv[AES_BLOCK_SIZE];
			unsigned char data[AES_BLOCK_SIZE];
			memset(data, 1, AES_BLOCK_SIZE);
			unsigned char data2[AES_BLOCK_SIZE];
			memset(data2, 0, AES_BLOCK_SIZE);
			unsigned char data3[AES_BLOCK_SIZE * 3];
			memset(data3, 0, AES_BLOCK_SIZE * 3);

			memset(iv, 0, AES_BLOCK_SIZE);
			show_buf("简单输入 ", data, AES_BLOCK_SIZE);
			show_buf("iv ", iv, AES_BLOCK_SIZE);
			AES_cbc_encrypt(data, data2, AES_BLOCK_SIZE, &key, iv, AES_ENCRYPT);
			show_buf("加密后   ", data2, AES_BLOCK_SIZE);
			show_buf("iv ", iv, AES_BLOCK_SIZE);

			if (AES_set_decrypt_key(userkey, 16 * 8, &key) < 0)
			{
				return __LINE__;
			}
			memset(iv, 0, AES_BLOCK_SIZE);
			show_buf("解密前   ", data2, AES_BLOCK_SIZE);
			show_buf("iv ", iv, AES_BLOCK_SIZE);
			AES_cbc_encrypt(data2, data3, AES_BLOCK_SIZE, &key, iv, AES_DECRYPT);
			show_buf("简单输出 ", data3, AES_BLOCK_SIZE * 3);
			show_buf("iv ", iv, AES_BLOCK_SIZE);

			a();
		}
		if (true)
		{
			string passwd = "13579";
			vector<unsigned char> plaintext;
			for (int i = 0; i < 65; ++i)
			{
				plaintext.push_back(i);
			}
			vector<unsigned char> out;
			IV iv;
			iv.Create();
			IV iv2;
			iv2.Set(iv.Get());
			//show_buf("初始IV", iv.Get(), iv.size());
			aes_encrypt((unsigned char*)passwd.c_str(), passwd.size(), plaintext, out, iv);
			vector<unsigned char> plaintext2;
			//show_buf("初始IV", iv2.Get(), iv2.size());
			aes_decrypt((unsigned char*)passwd.c_str(), passwd.size(), out, plaintext2, iv2);

			thelog << plaintext.size() << " " << out.size() << " " << plaintext2.size() << ENDI;
			printf("plantext2: \n");
			for (int i = 0; i < plaintext2.size(); i++)
			{
				printf("%.2x ", plaintext2[i]);
				if ((i + 1) % 32 == 0)
				{
					printf("\n");
				}
			}
			printf("\n");
		}

		if (true)
		{
			try
			{
				char const* plaintext = "1234567890";
				CBuffer pass;
				CBuffer in;
				CBuffer out;
				pass.SetData("123");
				in.SetData(plaintext);
				thelog << in.data() << endi;
				protect_encode(pass, in, out);
				thelog << out.size() << " [" << out.data() << "]" << endi;
				CBuffer out2;
				if (!protect_decode(pass, out, out2))thelog << "解码失败" << ende;
				thelog << out2.data() << endi;
				if (0 == strcmp(plaintext, (char*)out2.data()))
				{
					thelog << "匹配成功" << endi;
				}
				else
				{
					thelog << "匹配失败" << ende;
				}
				//out2.lockBuffer();
				//out2.setSize(10240);
			}
			catch (...)
			{
				thelog << "异常发生" << ende;
			}
		}

		return true;
	}
};

4 辅助代码

thelog可以替换为cout，endi、ende可以替换为endl。

CBuffer就是个包装的缓冲区，代码如下：

	//内部隐含保持一个结束符，不计算在容量和大小之内，确保数据可以被当作字符串使用
	class CBuffer
	{
	private:
		string name;
		unsigned char* p = NULL;
		size_t buffer_size = 0;
		size_t data_size = 0;
		bool bLockBuffer = false;

		void _init()
		{
			static int i = 0;
			char buf[64];
			sprintf(buf, "CBuffer%d", i++);
			name = buf;

			if (p)throw "p不为空指针";
			p = new unsigned char[1];
			if (!p)throw "内存不足";
			p[0] = '\0';
			buffer_size = 0;
		}
	public:
		CBuffer()
		{
			_init();
		}
		CBuffer(CBuffer const & tmp)
		{
			_init();
			SetData(tmp.data(), tmp.data_size);
		}
		CBuffer & operator=(CBuffer const & tmp)
		{
			_init();
			SetData(tmp.data(), tmp.data_size);
			return *this;
		}
		~CBuffer()
		{
			//cout << "~CBuffer " << name <<" "<<(long)p<<" "<< buffer_size<<" "<<data_size << endl;
			if (p)delete[]p;
			data_size = 0;
			buffer_size = 0;
			p = NULL;
		}
		size_t capacity()const { return buffer_size; }
		size_t size()const { return data_size; }
		unsigned char const * data()const { return p; }
		unsigned char* lockBuffer()
		{
			bLockBuffer = true;
			return p;
		}
		void releaseBuffer() { bLockBuffer = false; }
		void setSize(long s)
		{
			reserve(s);
			p[s] = '\0';
			data_size = s;
		}
		bool reserve(size_t n)
		{
			if (n > buffer_size)
			{
				if (bLockBuffer)
				{
					cout << "缓冲区已锁定" << endl;
					throw "缓冲区已锁定";
				}
				//cout << name << " "<< "reserve "  << (long)p << " " << buffer_size << " " << data_size << endl;
				//cout << name<<"需要扩展 " << buffer_size << " -> " << n << endl;
				unsigned char * p2 = new unsigned char[n + 1];
				if (p2)
				{
					if (p)
					{
						memmove(p2, p, data_size);
						delete[]p;
					}
					buffer_size = n;
					p2[data_size] = '\0';
					p = p2;
					//cout << name<< "扩展成功 " << buffer_size << " -> " << n << endl;
					return true;
				}
				else
				{
					//cout << name<<"扩展失败 " << buffer_size << " -> " << n << endl;
					return false;
				}
			}
			return true;
		}
		bool AddData(void const * data, long len)
		{
			if (!reserve(data_size + len))return false;
			memmove(p + data_size, data, len);
			setSize(data_size + len);
			return true;
		}
		bool SetData(char const * sz)
		{
			setSize(0);
			return AddData((void *)sz, strlen(sz));
		}
		bool SetData(unsigned char const* sz, long len)
		{
			return SetData((char const*)sz,len);
		}
		bool SetData(char const* sz, long len)
		{
			setSize(0);
			return AddData((void *)sz, len);
		}
		bool Compare(CBuffer const & tmp)const
		{
			if (data_size != tmp.data_size)return false;
			if (data_size > 0)return 0 == memcmp(tmp.data(), data(), data_size);
			else return true;
		}
	};

CBase64是Base64编码，代码如下：

	class CBase64
	{
	public:
		static int Base64Enc(unsigned char *buf, unsigned char const *text,int size)
		{ 
			static unsigned char const * base64_encoding = (unsigned char const*)"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
			int buflen = 0; 

			while(size>0)
			{
				*buf++ = base64_encoding[ (text[0] >> 2 ) & 0x3f];
				if(size>2)
				{
					*buf++ = base64_encoding[((text[0] & 3) << 4) | (text[1] >> 4)];
					*buf++ = base64_encoding[((text[1] & 0xF) << 2) | (text[2] >> 6)];
					*buf++ = base64_encoding[text[2] & 0x3F];
				}
				else
				{
					switch(size)
					{
					case 1:
						*buf++ = base64_encoding[(text[0] & 3L) << 4L ];
						*buf++ = '=';
						*buf++ = '=';
						break;
					case 2: 
						*buf++ = base64_encoding[((text[0] & 3) << 4) | (text[1] >> 4)]; 
						*buf++ = base64_encoding[((text[1] & 0x0F) << 2) | (text[2] >> 6)]; 
						*buf++ = '='; 
						break; 
					} 
				} 

				text +=3; 
				size -=3; 
				buflen +=4;
			} 

			*buf = 0;
			return buflen; 
		} 

		//base64解码的实现

		static unsigned char GetBase64Value(unsigned char ch)
		{
			if ((ch >= 'A') && (ch <= 'Z')) 
				return ch - 'A'; 
			if ((ch >= 'a') && (ch <= 'z')) 
				return ch - 'a' + 26; 
			if ((ch >= '0') && (ch <= '9')) 
				return ch - '0' + 52; 
			switch (ch) 
			{ 
			case '+': 
				return 62; 
			case '/': 
				return 63; 
			case '=': /* base64 padding */ 
				return 0; 
			default: 
				return 0; 
			} 
		}

		//进行base64解码输入应该是4的倍数(根据mime标准)
		//如果不是4倍数返回错误
		//注意 如果是最后一个字符 那么长度不准备 可能会多1 
		//返回buf长度
		static int Base64Dec(unsigned char *buf, unsigned char const *text,int size)
		{
			if(size%4)
				return -1;
			unsigned char chunk[4];
			int parsenum=0;

			while(size>0)
			{
				chunk[0] = GetBase64Value(text[0]); 
				chunk[1] = GetBase64Value(text[1]); 
				chunk[2] = GetBase64Value(text[2]); 
				chunk[3] = GetBase64Value(text[3]); 

				*buf++ = (chunk[0] << 2) | (chunk[1] >> 4); 
				*buf++ = (chunk[1] << 4) | (chunk[2] >> 2); 
				*buf++ = (chunk[2] << 6) | (chunk[3]);

				text+=4;
				size-=4;
				parsenum+=3;
			}

			buf[parsenum]='\0';
			return parsenum;
		} 
	};

5 openSSL的AES用法

5.1 设置KEY

加密解密的密钥存储为AES_KEY，需要通过AES_set_encrypt_key或AES_set_decrypt_key来设置：

	static int aes_encrypt(unsigned char const* userpasswd, int userpasswd_len, vector<unsigned char> const& in_plain, vector<unsigned char>& out_ciphertext, IV& iv)
	{
		out_ciphertext.clear();
		unsigned char userkey[32];//必须是16/24/32
		memset((void*)userkey, '\0', 32);
		memcpy(userkey, userpasswd, (userpasswd_len > 32 ? 32 : userpasswd_len));
		/*设置加密key及密钥长度*/
		AES_KEY key;
		if (AES_set_encrypt_key(userkey, 32 * 8, &key) < 0)
		{
			return __LINE__;
		}
。。。。。。

注意加密和解密的函数是不一样的。

5.2 加密解密AES_encrypt/AES_decrypt

这两个函数非常简单，参数只有输入、输出、KEY，简单明了。

---

（这里是文档结束）