Background technology
As computer technology has come into wide use around the world, it has brought great convenience to the offices of enterprises and individual users, but it has also exposed them to many potential security risks. Now that computers are ubiquitous, if a database defense system is breached, the losses caused to users are enormous. In the information age, mastering encryption and decryption methods is an effective measure for ensuring data security. With the rapid development of electronic technology, embedded devices are flourishing, and encryption and decryption methods have also been developed in depth in the embedded field.
Among existing encryption and decryption methods, the best known are MD5 (Message-Digest Algorithm 5), RSA and the like; there are also many symmetric algorithms (which can both encrypt and decrypt). MD5 was invented in the early 1990s by the MIT Laboratory for Computer Science and RSA Data Security Inc, and was developed from MD2, MD3 and MD4. MD5 transforms a "byte string" of arbitrary length into a 128-bit large integer, and it is an irreversible string-mapping algorithm. In other words, even with the source program and the algorithm description in hand, an MD5 value cannot be converted back to the original string; mathematically, this is because there are infinitely many possible original strings. A typical application of MD5 is to produce a fingerprint of a message (a string) in order to prevent tampering. RSA (Rivest-Shamir-Adleman) is an algorithm that can be used for data encryption and decryption as well as for digital signatures. It is easy to understand and operate, and is very popular. It has withstood a variety of attacks and has not been completely broken to date. However, existing encryption and decryption methods are relatively easy to implement on Windows systems, and have the following disadvantages when applied to the embedded-system field:
(1) the various encryption and decryption methods are relatively complex and are difficult to implement without highly specialized supporting tools;
(2) the encryption and decryption methods cannot be placed together (that is, encrypting data in code and also decrypting it in the same section of code), and security cannot be guaranteed either.
Summary of the invention
In view of this, the present invention provides a method for implementing encryption and decryption on an embedded Linux system, in which encryption and decryption are tied to the kernel and coexist there, so as to increase the security of code and data.
According to one aspect of the present invention, a method for implementing encryption and decryption on an embedded Linux system is provided, comprising the following steps:
adding the definitions and implementation code of an encryption function and a decryption function to the system-call file of the Linux kernel code;
adding an encryption function declaration and a decryption function declaration to the system-call function list of the processor-specific kernel code;
recompiling the kernel code and re-flashing it;
in application software, calling the encryption function according to the encryption function declaration to perform encryption and/or calling the decryption function to perform decryption.
Preferably, adding the encryption function definition and implementation code to the system-call file of the Linux kernel code further comprises: adding, in the kernel/sys.c file, the encryption function definition and encryption function implementation code, and the decryption function definition and decryption function implementation code.
Preferably, the implementation code of the encryption function and the decryption function includes MD5, RSA and/or a custom algorithm.
Preferably, adding the encryption function declaration and the decryption function declaration to the system-call function list of the processor-specific kernel code further comprises: adding an encryption function call entry to the arch/<processor name>/kernel/calls.S file and recording the ID number corresponding to the encryption function; and adding a decryption function call entry to the arch/<processor name>/kernel/calls.S file and recording the ID number corresponding to the decryption function.
Preferably, calling the encryption function in application software according to the encryption function declaration to perform encryption further comprises: in the application software, calling the encryption function through the system-call function API, using the ID number of the encryption function given by the function declaration, to perform encryption. Calling the decryption function in application software according to the decryption function declaration to perform decryption further comprises: in the application software, calling the decryption function through the system-call function API, using the ID number of the decryption function given by the function declaration, to perform decryption.
According to another aspect of the present invention, a device for implementing encryption and decryption on an embedded Linux system is provided, comprising the following modules:
a function implementation module, for adding the encryption and decryption function definitions and implementation code to the system-call file of the Linux kernel code;
a function declaration module, for adding the encryption and decryption function declarations to the system-call function list of the processor-specific kernel code;
a flashing module, for recompiling the kernel code and re-flashing it;
an application module, for calling, in application software, the encryption function according to the encryption function declaration to perform encryption and/or the decryption function according to the decryption function declaration to perform decryption.
Preferably, the function implementation module is specifically configured to: add the encryption function definition and encryption function implementation code in the kernel/sys.c file, and add the decryption function definition and decryption function implementation code in the kernel/sys.c file.
Preferably, the implementation code of the encryption and decryption functions includes MD5, RSA and/or a custom algorithm.
Preferably, the function declaration module is specifically configured to: add an encryption function call entry to the arch/<processor name>/kernel/calls.S file and record the ID number corresponding to the encryption function; and add a decryption function call entry to the arch/<processor name>/kernel/calls.S file and record the ID number corresponding to the decryption function.
Preferably, the application module is specifically configured to: in application software, call the encryption function through the system-call function API, using the ID number of the encryption function given by the encryption function declaration, to perform encryption; and/or, in application software, call the decryption function through the system-call function API, using the ID number of the decryption function given by the decryption function declaration, to perform decryption.
The method and device for implementing encryption and decryption on an embedded Linux system provided by the embodiments of the present invention execute the encryption and decryption routines by calling the kernel's encryption and decryption code through the system-call function API. This ties encryption and decryption to the kernel and lets them coexist there, which makes the data harder to crack and increases the security of code and data. At the same time, it reduces the complexity of application software running on the embedded Linux kernel, and different application software can use the same encryption and decryption functions.
Detailed description of the invention
In order to make the technical problem to be solved, the technical solution and the beneficial effects of the present invention clearer, the present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the present invention and are not intended to limit it.
As shown in Figure 1, a method for implementing encryption on an embedded Linux system, provided by an embodiment of the present invention, comprises the following steps:
S102: add the encryption function definition and implementation code to the system-call file of the Linux kernel code.
Preferably, the encryption function definition and the encryption function implementation code can be added in the kernel/sys.c file. The encryption algorithm can be any of the current encryption algorithms (such as MD5, RSA, etc.), or it can be a custom encryption algorithm. Even a fairly simple encryption algorithm can achieve the purpose of encryption.
For example: SYSCALL_DEFINE2(encrypt, void *, src, int, len);
Here, encrypt is the name of the encryption function; 2 indicates that there are two parameters; void * is the type of parameter 1 and src is the name of parameter 1 (void *src here is the memory address pointer of the data to be encrypted); int is the type of parameter 2 and len is the name of parameter 2 (int len is the length of the data to be encrypted, of integer type).
S104: add the encryption function declaration to the system-call function list of the processor-specific kernel code.
Preferably, this step further comprises: adding an encryption function call entry to the arch/<processor name>/kernel/calls.S file and recording the corresponding entry ID.
Taking an ARM processor as an example, a declaration of the ID corresponding to the encryption function encrypt is added to the arch/arm/kernel/calls.S file; in this embodiment, the ID can be chosen as 300.
S106: recompile the kernel code and re-flash it.
Specifically, the kernel containing the newly added code is compiled and flashed onto the embedded device.
S108: in application software, call the encryption function according to the encryption function declaration to perform encryption.
Preferably, this step further comprises: in the application software, calling the encryption function through the system-call function API, using the ID number of the encryption function given by the encryption function declaration, to perform encryption. For example, when the ID is 300, the encryption function can be called with syscall(300, data to be encrypted, length). That is, wherever data needs to be encrypted, the encryption is completed by means of a system call.
As shown in Figure 2, a method for implementing decryption on an embedded Linux system, provided by an embodiment of the present invention, comprises the following steps:
S202: add the decryption function definition and implementation code to the system-call file of the Linux kernel code.
Preferably, the decryption function definition and the decryption function implementation code can be added in the kernel/sys.c file. The decryption algorithm can be any of the current decryption algorithms (such as MD5, RSA, etc.), or it can be a custom decryption algorithm.
For example: SYSCALL_DEFINE2(dencrypt, void *, src, int, len);
Here, dencrypt is the name of the decryption function; 2 indicates that there are two parameters; void * is the type of parameter 1 and src is the name of parameter 1 (void *src here is the memory address pointer of the data to be decrypted); int is the type of parameter 2 and len is the name of parameter 2 (int len is the length of the data to be decrypted, of integer type).
S204: add the decryption function declaration to the system-call function list of the processor-specific kernel code.
Preferably, this step further comprises: adding a decryption function call entry to the arch/<processor name>/kernel/calls.S file and recording the corresponding entry ID.
Taking an ARM processor as an example, a declaration of the ID corresponding to the decryption function is added to the arch/arm/kernel/calls.S file; in this embodiment, the ID number can be chosen as 301.
S206: recompile the kernel code and re-flash it.
Specifically, the kernel containing the newly added code is compiled and flashed onto the embedded device.
S208: in application software, call the decryption function according to the decryption function declaration to perform decryption.
Preferably, this step further comprises: in the application software, calling the decryption function through the system-call function API, using the ID number of the decryption function given by the decryption function declaration, to perform decryption. For example, when the ID is 301, the decryption function can be called with syscall(301, data to be decrypted, length). That is, wherever data needs to be decrypted, the decryption is completed by means of a system call.
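The application-side calls of steps S108 and S208, as an added example that is not code from the patent: a C wrapper around syscall(300, ...) and syscall(301, ...) that checks the buffer and length before the trap and reports -ENOSYS when the running kernel lacks the added entries. The in-place transformation, the XOR stub_backend standing in for the kernel handlers, and all function names are assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <limits.h>
#include <unistd.h>
#include <sys/syscall.h>

/* IDs chosen in the embodiment; valid only on a kernel rebuilt with them. */
#define NR_ENCRYPT 300
#define NR_DECRYPT 301

/* Hypothetical backend type so the raw trap can be swapped for a stub. */
typedef long (*crypt_backend)(long nr, void *buf, int len);

/* Real backend for the target device: syscall(ID, data, length). */
long kernel_backend(long nr, void *buf, int len) { return syscall(nr, buf, len); }

/* Constructed stand-in for the kernel handlers (assumption): XOR in place. */
long stub_backend(long nr, void *buf, int len)
{
    unsigned char *p = buf;
    if (nr != NR_ENCRYPT && nr != NR_DECRYPT) {
        errno = ENOSYS;          /* what an unpatched kernel reports */
        return -1;
    }
    for (int i = 0; i < len; i++)
        p[i] ^= 0x5A;
    return 0;
}

/* Check arguments before the trap: the handler takes len as an int. */
int crypt_call(crypt_backend be, long nr, void *buf, size_t len)
{
    if (buf == NULL || len == 0 || len > INT_MAX)
        return -EINVAL;
    if (be(nr, buf, (int)len) < 0)
        return -errno;           /* e.g. -ENOSYS when the entry is missing */
    return 0;
}

int app_encrypt(crypt_backend be, void *buf, size_t len)
{
    return crypt_call(be, NR_ENCRYPT, buf, len);
}

int app_decrypt(crypt_backend be, void *buf, size_t len)
{
    return crypt_call(be, NR_DECRYPT, buf, len);
}
```

On the target device, pass kernel_backend in place of stub_backend.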
The method for implementing encryption and decryption on an embedded Linux system provided by the embodiments of the present invention executes the encryption and decryption routines by using system calls to invoke the kernel's encryption and decryption code. This ties encryption and decryption to the kernel and lets them coexist there, which makes the data harder to crack and increases the security of code and data. At the same time, it reduces the complexity of application software running on the embedded Linux kernel, and different application software can use the same encryption and decryption functions.
The preferred embodiments of the present invention have been described above with reference to the accompanying drawings; this does not limit the scope of the claims of the present invention. Any modification, equivalent substitution or improvement made by those skilled in the art without departing from the scope and spirit of the present invention shall fall within the scope of the claims of the present invention.