linux2.6.38提供了一些應用層掉內核層加解密模塊的介面,據說還支持硬體加密卡(未試). 下面是用openssl 和 內核分別進行aes加密的比較:
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <openssl/aes.h>
#include <sys/socket.h>
#include <linux/if_alg.h> #ifndef AF_ALG
#define AF_ALG 38
#define SOL_ALG 279
#endif #define BUF_SIZE 16 static void crypt_ssl(char *in, int inlen, char *out,const char *key, char *iv)
{
AES_KEY akey;
AES_set_encrypt_key(key, 128, &akey); AES_cbc_encrypt(in, out, inlen, &akey, iv, 1);
} static void crypt_kernel(char *in, int inlen, char *out, const char *key, char *oiv)
{
int opfd;
int tfmfd;
struct sockaddr_alg sa = {
.salg_family = AF_ALG,
.salg_type = "skcipher",
.salg_name = "cbc(aes)"
};
struct msghdr msg = {};
struct cmsghdr *cmsg;
char cbuf[CMSG_SPACE(4) CMSG_SPACE(20)] = {};
struct af_alg_iv *iv;
struct iovec iov; tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
bind(tfmfd, (struct sockaddr *)&sa, sizeof(sa));
setsockopt(tfmfd, SOL_ALG, ALG_SET_KEY, key, 16);
opfd = accept(tfmfd, NULL, 0); msg.msg_control = cbuf;
msg.msg_controllen = sizeof(cbuf); cmsg = CMSG_FIRSTHDR(&msg);
cmsg->cmsg_level = SOL_ALG;
cmsg->cmsg_type = ALG_SET_OP;
cmsg->cmsg_len = CMSG_LEN(4);
*(__u32 *)CMSG_DATA(cmsg) = ALG_OP_ENCRYPT;
cmsg = CMSG_NXTHDR(&msg, cmsg);
cmsg->cmsg_level = SOL_ALG;
cmsg->cmsg_type = ALG_SET_IV;
cmsg->cmsg_len = CMSG_LEN(20); iv = (void *)CMSG_DATA(cmsg);
memcpy(iv->iv, oiv, 16);
iv->ivlen = 16; iov.iov_base = in;
iov.iov_len = inlen; msg.msg_iov = &iov;
msg.msg_iovlen = 1; sendmsg(opfd, &msg, 0);
read(opfd, out, inlen); close(opfd);
close(tfmfd);
} int main(int argc, char **argv)
{
int i;
char out[BUF_SIZE] = {0};
char in[BUF_SIZE] = "Single block msg";
const char key[16] =
"x06xa9x21x40x36xb8xa1x5b"
"x51x2ex03xd5x34x12x00x06";
char iv[16] =
"x3dxafxbax42x9dx9exb4x30"
"xb4x22xdax80x2cx9fxacx41"; if(argc != 2)
{
printf("usage:ntcompare openssl / compare kerneln");
} if(strncmp(argv[1], "openssl", 7) == 0)
{
printf("encrypt by openssl...n");
crypt_ssl(in, BUF_SIZE, out, key, iv);
} if(strncmp(argv[1], "kernel", 6) == 0)
{
printf("encrypt by kernel...n");
crypt_kernel(in, BUF_SIZE, out, key, iv);
} for (i = 0; i < BUF_SIZE; i )
printf("�x", (unsigned char)out[i]);
printf("n");
return 0;
} Makefile的內容如下:
development:/westone/af_alg/compare # cat Makefile INCLUDES=-I/westone/linux-2.6.38.4/include
-I/westone/openssl/include/openssl
LIBS=-L/westone/openssl/lib -lcrypto -lssl CROSS_COMPILE=586-
CC=$(CROSS_COMPILE)gcc
FLAGS =-Wall #-Werror C_SOURCES=$(wildcard *.c)
C_OBJS=$(patsubst %.c, %.o, $(C_SOURCES))
APP=compare all:clean $(APP)
compare:$(C_OBJS)
$(CC) $(FLAGS) -o compare $^ $(LIBS)
.c.o:
$(CC) -c -o $*.o $(FLAGS) $(INCLUDES) $*.c
compile:$(C_OBJS)
$(CC) $(LINKFLAGS) -o $(TARGET) $^ $(LIBS)
clean:
rm -f $(C_OBJS)
rm -f $(APP) 執行后結果如下: # ./compare kernel
encrypt by kernel...
e353779c1079aeb82708942dbe77181a
# ./compare openssl
encrypt by openssl...
e353779c1079aeb82708942dbe77181a
本文出自 「國產0與1」 博客,請務必保留此出處http://qq164587043.blog.51cto.com/261469/568627
