OpenSSL EVP Series 2 - Algorithm Overview
--- translation and personal understanding
(Author: DragonKing, Mail: wzhah@263.net, posted on the OpenSSL professional forum at http://gdwzh.126.com, version: openssl-0.9.7)
The symmetric encryption functions of EVP are named EVP_Encrypt*...*. In fact these functions simply call the EVP_Cipher*...* functions of the same name; the different name is probably meant to make them easier to tell apart and understand. Besides implementing the symmetric encryption algorithms, the EVP_Encrypt*...* series also provides buffering on top of the block encryption algorithms. From here on we use the EVP_CIPHER terminology, because that is the structure which really implements things.
One basic structure on which the EVP_CIPHER*...* functions are built is the algorithm structure defined below. It specifies which algorithm an EVP_CIPHER function uses to process data, and is defined as follows (evp.h):
typedef struct evp_cipher_st
{
    int nid;
    int block_size;
    int key_len;
    int iv_len;
    unsigned long flags;
    int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc);
    int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl);
    int (*cleanup)(EVP_CIPHER_CTX *);
    int ctx_size;
    int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *);
    int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *);
    int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* miscellaneous operations */
    void *app_data;
} EVP_CIPHER;
The following is a short explanation of some members of this structure:
nid - the NID of the algorithm; every object in OpenSSL has a unique internal identification number
block_size - the length in bytes of each block of data to be encrypted
key_len - the default key length, which differs from one algorithm to another
iv_len - the length of the initialization vector
init - the algorithm's initialization function; it can set the context to encryption mode or decryption mode
do_cipher - the function that encrypts or decrypts data
cleanup - releases the data and settings held in the EVP_CIPHER_CTX structure
ctx_size - the size of the ctx->cipher_data area
set_asn1_parameters - populates an ASN1_TYPE with parameters from the EVP_CIPHER_CTX structure
get_asn1_parameters - gets parameters from an ASN1_TYPE
ctrl - various other operations
app_data - application data
Because an algorithm is referenced through a pointer to this structure, only the algorithm you actually use is linked into your program; if an integer were used to indicate which algorithm to use, the code of every algorithm would be linked in. This structure also lets you add new algorithms of your own.
On top of this, each EVP_CIPHER*...* function keeps a pointer to an EVP_CIPHER_CTX structure, defined as follows (evp.h):
typedef struct evp_cipher_ctx_st
{
    const EVP_CIPHER *cipher;
    ENGINE *engine;
    int encrypt;
    int buf_len;
    unsigned char oiv[EVP_MAX_IV_LENGTH];
    unsigned char iv[EVP_MAX_IV_LENGTH];
    unsigned char buf[EVP_MAX_BLOCK_LENGTH];
    int num;
    void *app_data;
    int key_len;
    unsigned long flags;
    void *cipher_data;
    int final_used;
    int block_mask;
    unsigned char final[EVP_MAX_BLOCK_LENGTH];
} EVP_CIPHER_CTX;
The following is a short explanation of some members of this structure:
cipher - the EVP_CIPHER algorithm structure associated with this context
engine - if the encryption algorithm is provided by an ENGINE, this member holds the reference to its function interfaces
encrypt - flag indicating whether the context encrypts or decrypts
buf_len - the amount of data currently held in this structure's buffer
oiv - the original initialization vector
iv - the working initialization vector
buf - the saved partial block of data
num - counter used by the CFB/OFB modes
app_data - application data
key_len - the key length; it differs from one algorithm to another
cipher_data - the algorithm's cipher data (ctx->cipher_data, of ctx_size bytes)
The two structures above are the basic structures of the EVP_CIPHER (EVP_Encrypt) series; the other functions of the series are implemented on top of them. The file evp/evp_enc.c is the top-level wrapper implementation; the encryption wrappers of the various algorithms are in p_enc.c and the decryption wrappers in p_dec.c, and each e_*.c file adds one particular algorithm. These are, of course, only wrapper functions: the real algorithm implementation lives in the directory of the same name as each algorithm.
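As an added example (not code from the article or from OpenSSL), the following self-contained C program models both structures described above: a MINI_CIPHER algorithm object with the same function-pointer layout as EVP_CIPHER, and a MINI_CIPHER_CTX whose buf/buf_len fields implement the partial-block buffering that EVP_EncryptUpdate provides on top of a block cipher. Every MINI_*, mini_* and xor_* name is invented, and the block transform is a placeholder XOR with the key rather than a cipher, so the program shows the plumbing only. mini_check() encrypts a message in chunks of a chosen size and then verifies that the ciphertext does not depend on how the input was split, which is exactly the guarantee the buffering exists to provide.

```c
/* Added example, not code from the article or from OpenSSL: a miniature model of the EVP_CIPHER /
 * EVP_CIPHER_CTX pair. The block transform (XOR with the key, CBC-chained) is a placeholder, NOT a
 * cipher, and every MINI_*, mini_* and xor_* name here is invented. */
#include <stdlib.h>
#include <string.h>
typedef struct mini_cipher_ctx_st MINI_CIPHER_CTX;

typedef struct {                       /* mirrors evp_cipher_st: the algorithm object */
    int block_size;                    /* a power of two, as EVP's block_mask assumes */
    int key_len, iv_len;
    int (*init)(MINI_CIPHER_CTX *, const unsigned char *key, const unsigned char *iv, int enc);
    int (*do_cipher)(MINI_CIPHER_CTX *, unsigned char *out, const unsigned char *in, unsigned int inl);
    int ctx_size;                      /* bytes to allocate for ctx->cipher_data */
} MINI_CIPHER;

struct mini_cipher_ctx_st {            /* mirrors evp_cipher_ctx_st: one operation in flight */
    const MINI_CIPHER *cipher;
    int encrypt;
    int buf_len;                       /* bytes waiting in buf */
    unsigned char iv[16];              /* working IV, advanced as blocks are chained */
    unsigned char buf[16];             /* saved partial block */
    void *cipher_data;                 /* ctx_size bytes private to the algorithm */
};

static int xor_init(MINI_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc)
{
    memcpy(ctx->cipher_data, key, 8);  /* the "key schedule" is just the key bytes */
    memcpy(ctx->iv, iv, 8); ctx->encrypt = enc;
    return 1;
}
/* Placeholder 8-byte block transform; the wrapper guarantees inl % 8 == 0, and in/out must not overlap. */
static int xor_do_cipher(MINI_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl)
{
    const unsigned char *k = ctx->cipher_data;
    unsigned int i, j;
    for (i = 0; i < inl; i += 8) {
        for (j = 0; j < 8; j++)
            out[i + j] = in[i + j] ^ k[j] ^ ctx->iv[j];
        memcpy(ctx->iv, ctx->encrypt ? out + i : in + i, 8);   /* chain on the ciphertext block */
    }
    return 1;
}
static const MINI_CIPHER xor_cbc = { 8, 8, 8, xor_init, xor_do_cipher, 8 };

static int mini_init(MINI_CIPHER_CTX *ctx, const MINI_CIPHER *c, const unsigned char *key, const unsigned char *iv, int enc)
{
    memset(ctx, 0, sizeof(*ctx));
    ctx->cipher = c; ctx->cipher_data = calloc(1, c->ctx_size);   /* sized by the algorithm object, as EVP does */
    return ctx->cipher_data != NULL && c->init(ctx, key, iv, enc);
}

/* Buffering modelled on EVP_EncryptUpdate: finish the saved partial block, push every whole
 * block through do_cipher(), and keep the tail in buf for the next call. */
static int mini_update(MINI_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl)
{
    int bl = ctx->cipher->block_size, i = ctx->buf_len, j;
    *outl = 0;
    if (i + inl < bl) {                /* still short of a block: just save it */
        memcpy(ctx->buf + i, in, inl); ctx->buf_len += inl;
        return 1;
    }
    if (i != 0) {                      /* complete and emit the partial block */
        j = bl - i;
        memcpy(ctx->buf + i, in, j);
        ctx->cipher->do_cipher(ctx, out, ctx->buf, bl);
        in += j; inl -= j; out += bl; *outl = bl;
    }
    i = inl & (bl - 1); inl -= i;      /* i = bytes beyond the last whole block */
    ctx->cipher->do_cipher(ctx, out, in, inl); *outl += inl;
    memcpy(ctx->buf, in + inl, i); ctx->buf_len = i;
    return 1;
}

/* Encrypts msg feeding `chunk` bytes per update() call, pads PKCS#5-style (what EncryptFinal does),
 * then decrypts the result in one shot. Returns (ciphertext length << 16) | a 16-bit checksum of the
 * ciphertext if the plaintext round-trips, -1 otherwise. key and iv are constructed demo values. */
static int mini_check(const char *msg, int chunk)
{
    static const unsigned char key[9] = "k3y-demo", iv[9] = "iv-demo!";
    unsigned char ct[64], pt[64];
    int n = (int)strlen(msg), off = 0, len = 0, outl, sum = 0, pad;
    MINI_CIPHER_CTX ctx;
    mini_init(&ctx, &xor_cbc, key, iv, 1);
    while (off < n) {
        int take = n - off < chunk ? n - off : chunk;
        mini_update(&ctx, ct + len, &outl, (const unsigned char *)msg + off, take);
        len += outl; off += take;
    }
    pad = 8 - ctx.buf_len;             /* final: pad the saved partial block and emit it */
    memset(ctx.buf + ctx.buf_len, pad, pad);
    ctx.cipher->do_cipher(&ctx, ct + len, ctx.buf, 8); len += 8;
    free(ctx.cipher_data);             /* what EVP_CIPHER_CTX_cleanup does */
    mini_init(&ctx, &xor_cbc, key, iv, 0);
    mini_update(&ctx, pt, &outl, ct, len);   /* whole blocks in, so buf stays empty */
    free(ctx.cipher_data);
    pad = pt[outl - 1];                /* EVP keeps the last block in ctx->final to strip this */
    if (pad < 1 || pad > 8 || outl - pad != n || memcmp(pt, msg, n) != 0) return -1;
    for (off = 0; off < len; off++) sum = (sum * 31 + ct[off]) & 0xffff;
    return (len << 16) | sum;
}
```

Compared with the real evp_enc.c, two things are left out on purpose: EVP also keeps the original IV in oiv so that a context can be re-initialized, and on the decrypt side it holds the last block back in final/final_used so that EVP_DecryptFinal can strip the padding without having already handed that block to the caller. The model strips the padding directly in mini_check instead. Feeding the same message with chunk sizes 1, 5, 7 or the whole length returns the same value, which is the property the buf/buf_len logic is there to guarantee.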