我已经写了两个程序来实现对称加密的服务器-客户端通信。它们似乎做得很好:客户端请求消息,使用AES_key进行加密,将其发送到服务器,服务器解密后将其发送回来。
这是服务器的代码:
现在,我想使用公共加密方式交换密钥,因此我需要为每个端点加载两个文件:其私有文件和另一个端点的公共文件。我已经创建了它们。
因此,在服务器端添加以下代码(在main函数开头)即可:
/*
C socket server example using sockets and symmetric encryption
compile with gcc server.c -o server -lssl -lcrypto
*/
#include<stdio.h>
#include<string.h> //strlen
#include<sys/socket.h>
#include<arpa/inet.h> //inet_addr
#include<unistd.h> //write
#include <openssl/aes.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
int main(int argc , char *argv[])
{
static const unsigned char key[] = {"hello"};
int socket_desc , client_sock , c , read_size;
struct sockaddr_in server , client;
unsigned char client_message[40];
unsigned char dec_message[16];
//Create socket
socket_desc = socket(AF_INET , SOCK_STREAM , 0);
if (socket_desc == -1)
{
printf("Could not create socket");
}
puts("Socket created");
//Prepare the sockaddr_in structure
server.sin_family = AF_INET;
server.sin_addr.s_addr = INADDR_ANY;
server.sin_port = htons( 8888 );
//Bind
if( bind(socket_desc,(struct sockaddr *)&server , sizeof(server)) < 0)
{
//print the error message
perror("bind failed. Error");
return 1;
}
puts("bind done");
//Listen
listen(socket_desc , 3);
//Accept and incoming connection
puts("Waiting for incoming connections...");
c = sizeof(struct sockaddr_in);
//accept connection from an incoming client
client_sock = accept(socket_desc, (struct sockaddr *)&client, (socklen_t*)&c);
if (client_sock < 0)
{
perror("accept failed");
return 1;
}
puts("Connection accepted");
//create decryption key
AES_KEY aes_key;
AES_set_decrypt_key((const unsigned char*) key, 128, &aes_key);
//Receive a message from client
while( (read_size = recv(client_sock , client_message , 2000 , 0)) > 0 )
{
//decry message
AES_decrypt((const unsigned char*)client_message,dec_message,(const AES_KEY *)&aes_key);
//Send the message back to client
write(client_sock , dec_message , strlen(dec_message));
}
if(read_size == 0)
{
puts("Client disconnected");
fflush(stdout);
}
else if(read_size == -1)
{
perror("recv failed");
}
return 0;
}
以下是客户端的代码:
/*
C ECHO client example using sockets and symmetric encryption
*/
#include<stdio.h> //printf
#include<string.h> //strlen
#include<sys/socket.h> //socket
#include<arpa/inet.h> //inet_addr
#include<unistd.h> //write
#include "openssl/aes.h"
#include <openssl/rsa.h>
#include <openssl/evp.h>
int main(int argc , char *argv[])
{
static const unsigned char key[] = {"hello"};
int sock;
struct sockaddr_in server;
//Create socket
sock = socket(AF_INET , SOCK_STREAM , 0);
if (sock == -1)
{
printf("Could not create socket");
}
puts("Socket created");
server.sin_addr.s_addr = inet_addr("127.0.0.1");
server.sin_family = AF_INET;
server.sin_port = htons( 8888 );
//Connect to remote server
if (connect(sock , (struct sockaddr *)&server , sizeof(server)) < 0)
{
perror("connect failed. Error");
return 1;
}
puts("Connected\n");
//create key
AES_KEY aes_key;
AES_set_encrypt_key((const unsigned char*)key, 128, &aes_key);
//keep communicating with server
while(1)
{
unsigned char enc_message[40]={0};
unsigned char message[16]={0};
unsigned char server_reply[40]={0};
fflush(stdin);
fflush(stdout);
printf("Enter message : ");
scanf("%s" , message);
//encrypt message
AES_encrypt((const unsigned char*)message,enc_message,(const AES_KEY *)&aes_key);
//Send some data
if( send(sock , enc_message , strlen(enc_message) , 0) < 0)
{
puts("Send failed");
return 1;
}
//Receive a reply from the server
if( recv(sock , server_reply , 2000 , 0) < 0)
{
puts("recv failed");
break;
}
printf("Server reply : %s \n",server_reply);
}
close(sock);
return 0;
}
现在,我想使用公共加密方式交换密钥,因此我需要为每个端点加载两个文件:其私有文件和另一个端点的公共文件。我已经创建了它们。
因此,在服务器端添加以下代码(在main函数开头)即可:
RSA* pRSAPRI = RSA_new();
RSA* pRSAPRI2 = RSA_new();
OpenSSL_add_all_algorithms();
OpenSSL_add_all_ciphers();
ERR_load_crypto_strings();
RSA* pRSAserver;
RSA* pRSAclientimport;
FILE* f1;
FILE* f2;
//load public key of client
f1 = fopen("client_public.pem", "r");
if (f1==NULL)
{
printf("could not open file \n");
}
pRSAclientimport = PEM_read_RSAPublicKey(f1, &pRSAPRI, NULL, NULL);
fclose(f1);
//load private key of server
f2 = fopen("server_private.pem", "r");
if (f2==NULL)
{
printf("could not open file \n");
}
pRSAserver = PEM_read_RSAPrivateKey(f2, &pRSAPRI2, NULL, "1234");
fclose(f2);
然而,将这段代码添加到客户端会影响程序,导致从服务器返回的答案不正确:
RSA* pRSAPRI2 = RSA_new();
RSA* pRSAPRI = RSA_new();
OpenSSL_add_all_algorithms();
OpenSSL_add_all_ciphers();
ERR_load_crypto_strings();
RSA* pRSAclient;
RSA* pRSAserverimport;
FILE* f3;
FILE* f4;
//load public key of server
f3 = fopen("server_public.pem", "r");
if (f3==NULL)
{
printf("could not open file \n");
}
pRSAserverimport = PEM_read_RSAPublicKey(f3, &pRSAPRI, NULL, NULL);
fclose(f3);
//load private key of client
f4 = fopen("client_private.pem", "r");
if (f4==NULL)
{
printf("could not open file \n");
}
pRSAclient = PEM_read_RSAPrivateKey(f4, &pRSAPRI2, NULL, "1234");
fclose(f4);
很抱歉发了这么长的帖子,但我不知道问题出在哪里。我尝试了随机刷新,我猜可能是问题所在,但它并没有起作用。有什么想法吗?
AES_Encrypt()
生成的加密消息不是以NUL结尾的字符串,因此这一行代码是错误的:if( send(sock , enc_message , strlen(enc_message) , 0) < 0)
。 - Andrew HenleAES_Encrypt
和send
必须良好协作。 - blindeyes