Go中与OpenSSL EVP_symmetric EVP_aes_256_cbc等效的是什么?

huangapple go评论81阅读模式
英文:

Go equivalent to OpenSSL EVP symmetric EVP_aes_256_cbc

问题

我正在编写一个Go脚本,用于解密使用EVP_aes_256_cbc和RSA公钥加密的一些旧数据。

在C语言中,代码可能是这样的:

key_size = EVP_OpenInit(&ctx, EVP_aes_256_cbc(), evp_key, eklen, iv, pkey);
//...
EVP_OpenUpdate(&ctx, destination, &len_out, buffer_in, buffer_size)
//...
EVP_OpenFinal(&ctx, destination+len_out, &len_out);

我在Go中有等效的evp_keyiv字节数组,但是我必须承认,我对OpenSSL中EVP的工作顺序不太了解(我在C语言方面相当熟练,但是通过查看OpenSSL源代码,我无法理解解密的过程)。

在Go中,我可以做到这一步:

pKey := //rsa.PrivateKey
eklen := 32
evpKey := "//隐藏的32字节数组"
iv := "//隐藏的16字节数组"

c, err := aes.NewCipher(iv)
cbc := cipher.NewCBCDecrypter(c, iv)

这里是我迷失的地方。我有一个evpKeypKey,但是我不确定如何从这里解密数据。OpenSSL使用RSA_decrypt_old或类似的函数,但是我无法找到它的具体含义。

是否有Go的等效方法,还是我需要使用代价过高的cgo包并自己动手解决?

更新(解决方案):

对于任何想要在Go中复制EVP行为或者只是想知道EVP的工作原理的人,以下是解释。
如果你知道C语言(或Java或其他OpenSSL实现)使用类似以下方式进行加密:

// 伪代码:不要复制粘贴并期望奇迹
EVP_PKEY_assign_RSA(pkey, public_key);
EVP_CIPHER_CTX_init(&ctx);
EVP_SealInit(&ctx, EVP_aes_256_cbc(), &evp_key, &evp_key_len, iv, &pkey, 1);
EVP_SealUpdate(&ctx, buffer_out, &encrypt_len, (unsigned char*)buffer_in, len);
EVP_SealFinal(&ctx, buffer_out+encrypt_len, &encrypt_len);

"Seal"实际上只是使用RSA公钥加密密钥。

在Go中解密类似的内容:

evpKeyBytes := "// rsa.PublicKey编码的evpKey"
evpKey, err := rsa.DecryptPKCS1v15(rand.Reader, PrivateKeyRSA, evpKeyBytes)
c, err := aes.NewCipher(evpKey)
cbc := cipher.NewCBCDecrypter(c, iv)
decryptedDataBytes := make([]bytes, 2048) // 一些消息大小
cbc.CryptBlocks(decryptedDataBytes, encryptedDataBytes)
data = string(decryptedDataBytes)
// data应该包含预期的解密结果。
英文:

I'm writing a Go script that will decrypt some legacy data that is encrypted with EVP_aes_256_cbc and an RSA public key.

In C this would be something like:

key_size = EVP_OpenInit(&ctx, EVP_aes_256_cbc(), evp_key, eklen, iv, pkey);
//...
EVP_OpenUpdate(&ctx, destination, &len_out, buffer_in, buffer_size)
//...
EVP_OpenFinal(&ctx, destination+len_out, &len_out);

I have the evp_key and iv byte array equivalents in Go, but I must confess the order of how EVP works in OpenSSL eludes me (I'm fairly competent in C, but I can't get a grasp on the process by which this decryption happens from looking at the OpenSSL source.)

In Go, I can get this far:

pKey := //rsa.PrivateKey
eklen := 32
evpKey := "// hidden 32 byte array"
iv := "// hidden 16 byte array"

c, err := aes.NewCipher(iv)
cbc := cipher.NewCBCDecrypter(c, iv)

And here's where I get lost. I have an evpKey and the pKey, but I'm not sure how to decrypt the data from here. OpenSSL uses RSA_decrypt_old or something like that, but I'm unable to track down what that actually means.

Is there a Go equivalent or do I need to bust out the much-too-expensive cgo package and roll up my sleeves?

Update (Resolution):

For anyone looking to replicate the EVP behavior in Go or just wondering how EVP works exactly, the following is breakdown.
If you know the C (or Java or whatever OpenSSL implementation) was encrypting with something like:

// pseudo-code: don't copypasta and expect amazing
EVP_PKEY_assign_RSA(pkey, public_key);
EVP_CIPHER_CTX_init(&ctx);
EVP_SealInit(&ctx, EVP_aes_256_cbc(), &evp_key, &evp_key_len, iv, &pkey, 1);
EVP_SealUpdate(&ctx, buffer_out, &encrypt_len, (unsigned char*)buffer_in, len);
EVP_SealFinal(&ctx, buffer_out+encrypt_len, &encrypt_len);

The "Seal" actually just encrypts the key with the RSA public key.

In Go to decrypt something like that:

evpKeyBytes := "// the rsa.PublicKey encoded evpKey"
evpKey, err := rsa.DecryptPKCS1v15(rand.Reader, PrivateKeyRSA, evpKeyBytes)
c, err := aes.NewCipher(evpKey)
cbc := cipher.NewCBCDecrypter(c, iv)
decryptedDataBytes := make([]bytes, 2048) // some message size
cbc.CryptBlocks(decryptedDataBytes, encryptedDataBytes)
data = string(decryptedDataBytes)
// data should have the expected decrypted result.

答案1

得分: 2

NewCipher期望的是密钥而不是初始化向量(iv),由于你传递了一个128位的iv,它将作为aes128cbc工作。

英文:

NewCipher expects the key not the iv, and since you're passing it a 128bit iv it works as aes128cbc.

huangapple
  • 本文由 发表于 2014年9月4日 07:39:32
  • 转载请务必保留本文链接:https://go.coder-hub.com/25655229.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定