VC++ network security programming example (13): OpenSSL engine programming

Source: Internet
Author: User

The engine mechanism first appeared in OpenSSL 0.9.6. At first, the general release was kept separate from the release that supported engines; in OpenSSL 0.9.7 the engine mechanism was integrated into the OpenSSL core and became an indispensable part of OpenSSL. The engine mechanism aims to let OpenSSL transparently use third-party software encryption libraries or hardware encryption devices for encryption. It has achieved this goal, which makes OpenSSL not only an encryption library but also a general encryption interface that can work with most encryption libraries or devices. Of course, to make a specific encryption library or device work with OpenSSL, you need to write a small amount of interface code. The workload is not large, although it does require some cryptographic knowledge. The function of an engine is basically the same as that of the CSP provided by Windows.

Currently, OpenSSL 0.9.7 supports eight types of embedded third-party encryption devices, including CryptoSwift, nCipher, Atalla, Nuron, UBSEC, AEP, SureWare, and IBM 4758 CCA hardware encryption devices. An engine interface that supports PKCS #11 is also available, and some interfaces that support Microsoft CryptoAPI have been developed as well. Of course, the support in the engine interfaces above is not necessarily comprehensive; for example, only one or two public-key algorithms may be supported.

For an implementation of OpenSSL engine programming in VC++, see the following code and its comments.

```cpp
#include <stdio.h>
#include <string.h>

#include "commonlib.h"          // author's helper header (int_error)
#include "simple_engine_def.h"  // author's engine: engine_load_simplecipher, simple_engine_id

#include <openssl/evp.h>
#include <openssl/engine.h>
#include <openssl/rand.h>

int main()
{
    ENGINE *e;
    const EVP_CIPHER *cipher = EVP_des_ecb();
    // Stack-allocated context: valid for OpenSSL 0.9.7 to 1.0.x.
    // OpenSSL 1.1.0 and later require EVP_CIPHER_CTX_new() instead.
    EVP_CIPHER_CTX ciph_ctx;
    unsigned char key[16], iv[16];
    const char *info = "this is a simple engine test";
    unsigned char out[100], dec_data[100];
    int outl, total;

    // ECB ignores the IV, but do not hand uninitialized memory to the engine
    memset(iv, 0, sizeof(iv));

    OpenSSL_add_all_algorithms();
    engine_load_simplecipher();  // load the custom engine
    e = ENGINE_by_id(simple_engine_id);
    if (e == NULL)
        int_error("ENGINE_by_id error\n");
    printf("engine name: %s\n", (char *)ENGINE_get_name(e));

    // Random number generation: route RAND_* calls to the engine
    if (RAND_set_rand_engine(e) == 0)
        int_error("RAND_set_rand_engine error\n");

    // Use the custom random number algorithm to generate random bytes
    // and use them as the key for encryption and decryption
    if (RAND_bytes(key, sizeof(key)) != 1)
        int_error("RAND_bytes error\n");
    printf("the random number string generated is: ");
    // Print as hex: raw random bytes are not printable characters
    for (size_t i = 0; i < sizeof(key); i++) printf("%02x", key[i]);
    printf("\n");

    // Symmetric encryption
    EVP_CIPHER_CTX_init(&ciph_ctx);
    // Use the engine's symmetric algorithm
    if (EVP_EncryptInit_ex(&ciph_ctx, cipher, e, key, iv) == 0)
        int_error("EVP_EncryptInit_ex error\n");

    total = 0;
    if (EVP_EncryptUpdate(&ciph_ctx, out, &outl,
                          (const unsigned char *)info, (int)strlen(info)) == 0)
        int_error("EVP_EncryptUpdate error\n");
    total += outl;

    if (EVP_EncryptFinal(&ciph_ctx, out + total, &outl) == 0)
        int_error("EVP_EncryptFinal error\n");
    total += outl;
    printf("the encrypted data is:\n");
    for (int j = 0; j < total; j++) printf("%02x", out[j]);
    printf("\n");

    // Decryption
    if (EVP_DecryptInit_ex(&ciph_ctx, cipher, e, key, iv) == 0)
        int_error("EVP_DecryptInit_ex error\n");

    if (EVP_DecryptUpdate(&ciph_ctx, dec_data, &outl, out, total) == 0)
        int_error("EVP_DecryptUpdate error\n");
    total = outl;

    if (EVP_DecryptFinal(&ciph_ctx, dec_data + total, &outl) == 0)
        int_error("EVP_DecryptFinal error");
    total += outl;

    dec_data[total] = 0;
    printf("decrypted content (length = %d): [%s]\n", total, dec_data);

    // Release the cipher context and the engine reference
    EVP_CIPHER_CTX_cleanup(&ciph_ctx);
    ENGINE_free(e);
    return 0;
}
```
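Once RAND_set_rand_engine() succeeds, every key drawn with RAND_bytes() comes from the engine, so a stuck or failing device yields predictable keys. The block below is an added example, not code from the original article: a block-repeat check of the kind used as a continuous RNG test, run before the output is used as key material. The names `crngt_check`, `BLOCK` and the three sample sources are hypothetical and constructed for illustration; the callback type mirrors the signature of RAND_bytes(), so that function can be passed in directly.

```c
#include <stdio.h>
#include <string.h>

/* Same signature as RAND_bytes(): fill buf with num bytes, return 1 on success. */
typedef int (*rand_fn)(unsigned char *buf, int num);

#define BLOCK 16 /* bytes per draw; assumed, matches the 16-byte key above */

/* Continuous test: fail (0) if the source reports an error or if any block
 * equals the block drawn just before it; pass (1) otherwise. */
int crngt_check(rand_fn src, int draws)
{
    unsigned char prev[BLOCK], cur[BLOCK];

    if (src == NULL || draws < 2 || src(prev, BLOCK) != 1)
        return 0;
    for (int i = 1; i < draws; i++) {
        if (src(cur, BLOCK) != 1 || memcmp(prev, cur, BLOCK) == 0)
            return 0;
        memcpy(prev, cur, BLOCK);
    }
    return 1;
}

/* Constructed stand-ins for an engine RNG (hypothetical, not secure). */
int stuck_source(unsigned char *buf, int num)   /* device stuck on one value */
{
    memset(buf, 0xA5, (size_t)num);
    return 1;
}

int failing_source(unsigned char *buf, int num) /* device reports an error */
{
    (void)buf; (void)num;
    return 0;
}

int varying_source(unsigned char *buf, int num) /* changes on every call */
{
    static unsigned int calls;
    calls++;
    for (int i = 0; i < num; i++)
        buf[i] = (unsigned char)(calls * 167u + (unsigned int)i * 13u);
    return 1;
}

int main(void)
{
    printf("stuck=%d failing=%d varying=%d\n", crngt_check(stuck_source, 8),
           crngt_check(failing_source, 8), crngt_check(varying_source, 8));
    return 0;
}
```

A pass only rules out a stuck or erroring source; it says nothing about the statistical quality of the engine's output.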
