通过OpenSSL的接口实现Base64编解码
对openssl genrsa产生的rsa私钥pem文件,使用普通的base64解码会有问题,如使用https://blog.csdn.net/fengbingchun/article/details/85218653 中介绍的方法,一是有可能不能从返回的结果中直接使用strlen来获得最终字符的大小,因为返回的结果中可能会有0x00;二是pem文件中会有换行符,每行的字节长度超过64个字节就会有换行,普通的base64解码中不会对换行符有处理。在OpenSSL中,默认情况下,base64行长度限制为64个字符。
先介绍下使用命令行openssl base64进行编解码:
(1).对” https://blog.csdn.net/fengbingchun”进行编解码,执行命令及结果如下:
(2).对长串进行编解码,如” https://blog.csdn.net/fengbingchun https://github.com//fengbingchun”,执行命令及结果如下:编码长度超过64个字符长度,会进行换行,若不想换行,可增加使用”-A”选项
(3).对指定文件进行编解码:如文件1.txt,先进行编码生成2.txt,然后再对2.txt进行解码生成3.txt,执行命令及结果如下:
下面是通过调用openssl的相关接口组合成的base64编解码实现:由外部负责申请足够的空间用于存放结果,最后一个参数用于指明编解码中是否换行。
int openssl_base64_encode(const unsigned char* in, int inlen, char* out, int* outlen, bool newline)
{
BIO* b64 = BIO_new(BIO_f_base64());
BIO* bmem = BIO_new(BIO_s_mem());
if (!b64 || !bmem) {
fprintf(stderr, "fail to BIO_new\n");
return -1;
}
b64 = BIO_push(b64, bmem);
if (!newline)
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); // ignore newlines, write everything in one line
*outlen = BIO_write(b64, in, inlen);
if (*outlen <= 0 || *outlen != inlen) {
fprintf(stderr, "fail to BIO_write\n");
return -1;
}
BIO_flush(b64);
BUF_MEM* buf = nullptr;
BIO_get_mem_ptr(b64, &buf);
*outlen = buf->length;
memcpy(out, buf->data, *outlen);
BIO_free_all(b64);
return 0;
}
int openssl_base64_decode(const char* in, int inlen, unsigned char* out, int* outlen, bool newline)
{
BIO* b64 = BIO_new(BIO_f_base64());
BIO* bmem = BIO_new_mem_buf(in, inlen);
if (!b64 || !bmem) {
fprintf(stderr, "fail to BIO_new\n");
return -1;
}
b64 = BIO_push(b64, bmem);
if (!newline)
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); // ignore newlines, write everything in one line
*outlen = BIO_read(b64, out, inlen);
if (*outlen <= 0) {
fprintf(stderr, "fail to BIO_read\n");
return -1;
}
BIO_free_all(b64);
return 0;
}下面是通过编解码字符串的测试代码:
int test_openssl_base64_simple()
{
const char* src = "https://blog.csdn.net/fengbingchun https://github.com//fengbingchun";
int inlen = strlen(src);
int outlen = (inlen + 2) / 3 * 4 + ((inlen + 2) / 3 * 4 + 63) / 64;
std::unique_ptr out1(new char[outlen]);
bool newline = true;
int ret = openssl_base64_encode((const unsigned char*)src, inlen, out1.get(), &outlen, newline);
if (ret != 0) {
fprintf(stderr, "fail to openssl_base64_encode\n");
return -1;
}
fprintf(stdout, "encode result:\n");
std::for_each(out1.get(), out1.get() + outlen, [](char& c) { fprintf(stdout, "%c", c); });
fprintf(stdout, "\n");
std::unique_ptr dst(new unsigned char[outlen]);
int outlen1 = 0;
ret = openssl_base64_decode(out1.get(), outlen, dst.get(), &outlen1, newline);
if (ret != 0) {
fprintf(stderr, "fail to openssl_base64_decode\n");
return -1;
}
fprintf(stdout, "decode result:\n");
std::for_each(dst.get(), dst.get() + outlen1, [](unsigned char& c) { fprintf(stdout, "%c", (char)c); });
fprintf(stdout, "\n");
dst[outlen1] = '\0';
if (strcmp(src, (const char*)dst.get()) == 0) {
fprintf(stdout, "test success\n");
return 0;
} else {
fprintf(stdout, "test fail\n");
return -1;
}
} 执行结果如下图所示:
之前在https://blog.csdn.net/fengbingchun/article/details/106546012中使用OpenSSL的函数PEM_read_RSAPrivateKey直接对pem文件进行解析,下面测试代码是通过调用上面的base64解码函数实现的解析:
int test_openssl_base64_complex()
{
#ifdef _MSC_VER
const char* name = "E:/GitCode/OpenSSL_Test/testdata/rsa_private.pem";
#else
const char* name = "testdata/rsa_private.pem";
#endif
const char* begin = "-----BEGIN RSA PRIVATE KEY-----";
const char* end = "-----END RSA PRIVATE KEY-----";
FILE *fp = fopen(name, "rb");
if (!fp) {
fprintf(stderr, "fail to open file: %s\n", name);
return -1;
}
fseek(fp, 0, SEEK_END);
long length = ftell(fp);
rewind(fp);
std::unique_ptr data(new unsigned char[length]);
fread(data.get(), 1, length, fp);
fclose(fp);
const char* p1 = strstr((const char*)data.get(), begin);
if (!p1) {
fprintf(stderr, "it's not a pem file: %s\n", name);
return -1;
}
const char* p2 = strstr((const char*)data.get(), end);
if (!p2) {
fprintf(stderr, "it's not a pem file: %s\n", name);
return -1;
}
bool newline = true;
long length2 = p2 - p1;
std::unique_ptr decoded(new unsigned char[length2]);
int outlen = 0;
int ret = openssl_base64_decode(p1 + strlen(begin) + 1, length2, decoded.get(), &outlen, newline); // + 一个换行符长度
const unsigned char* p = decoded.get();
RSA_PRIVATE_KEY* key = d2i_RSA_PRIVATE_KEY(nullptr, &p, outlen);
if (!key) {
fprintf(stderr, "fail to d2i_RSA_PRIVATE_KEY\n");
return -1;
}
print(key->version, "version");
print(key->n, "n");
print(key->e, "e");
print(key->d, "d");
print(key->p, "p");
print(key->q, "q");
print(key->exp1, "exp1");
print(key->exp2, "exp2");
print(key->coeff, "coeff");
RSA_PRIVATE_KEY_free(key);
return 0;
} 执行结果如下:与直接使用PEM_read_RSAPrivateKey得到的结果是一致的
以上代码段的完整code见:GitHub/OpenSSL_Test
GitHub:https://github.com/fengbingchun/OpenSSL_Test