All Products
Search
Document Center

CDN:Cipher algorithm functions

Last Updated:Jun 26, 2024

This topic describes the syntax, features, parameters, and return values of cipher algorithm functions. This topic also provides examples of these functions.

aes_new

The following table describes the details about this function.

Item

Description

Syntax

aes_new(config)

Description

Creates an Advanced Encryption Standard (AES) object, which is used for subsequent encryption and decryption operations. To perform encryption, call the aes_enc() function. To perform decryption, call the aes_dec() function.

Parameters

The config parameter is of the dictionary type and includes the following arguments:

  • key: the key, which is of the string type. This parameter is required.

  • salt: the salt value, which is of the string type. This parameter is optional.

  • cipher_len: the length of the key. This parameter is required. Valid values: 128, 192, and 256.

  • cipher_mode: the mode used for encryption or decryption. This parameter is required. Valid values: ecb, cbc, ctr, cfb, and ofb.

  • iv: the initial vector, which is of the string type. This parameter is optional.

Return value

If the function succeeds, an AES object (dictionary type) is returned. Otherwise, false is returned.

Example

aes_conf = []                                                                                                                                                                         
plaintext = ''                                                                                                                                                                        
if and($http_mode, eq($http_mode, 'ecb-128')) {                                                                                                                                       
  set(aes_conf, 'key', 'ab8bfd9f-a1af-4ba2-bbb0-1ee520e3d8bc')                                                                                                                      
  set(aes_conf, 'salt', '1234567890')                                                                                                                                               
  set(aes_conf, 'cipher_len', 128)                                                                                                                                                  
  set(aes_conf, 'cipher_mode', 'ecb')                                                                                                                                               
  plaintext = 'hello aes ecb-128'                                                                                                                                                   
}                                                                                                                                                                                     
if and($http_mode, eq($http_mode, 'cbc-256')) {                                                                                                                                       
  set(aes_conf, 'key', '146ebcc8-392b-4b3a-a720-e7356f62')                                                                                                                          
  set(aes_conf, 'cipher_len', 256)                                                                                                                                                  
  set(aes_conf, 'cipher_mode', 'cbc')                                                                                                                                               
  set(aes_conf, 'iv', '0123456789abcdef')                                                                                                                                           
  plaintext = 'hello aes cbc-256'                                                                                                                                                   
}                                                                                                                                                                                     
if and($http_mode, eq($http_mode, 'ofb-256')) {                                                                                                                                       
  set(aes_conf, 'key', '146ebcc8-392b-4b3a-a720-e7356f62')                                                                                                                          
  set(aes_conf, 'cipher_len', 256)                                                                                                                                                  
  set(aes_conf, 'cipher_mode', 'ofb')                                                                                                                                               
  set(aes_conf, 'iv', tochar(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0))                                                                                                                      
  plaintext = 'hello aes ofb-256'                                                                                                                                                   
}                                                                                                                                                                                     

aes_obj = aes_new(aes_conf)                                                                                                                                                           
if not(aes_obj) {                                                                                                                                                                     
  say(concat('aes obj failed'))                                                                                                                                                     
  exit(400)                                                                                                                                                                         
}                                                                                                                                                                                     

ciphertext = aes_enc(aes_obj, plaintext)                                                                                                                                              
plaintext_reverse = aes_dec(aes_obj, ciphertext)                                                                                                                                      

say(concat('plain: ', plaintext))                                                                                                                                                     
say(concat('cipher: ', tohex(ciphertext)))                                                                                                                                            
say(concat('plain_reverse: ', plaintext_reverse))                                                                                                                                     

if ne(plaintext, plaintext_reverse) {                                                                                                                                                 
  say('plaintext ~= plaintext_reverse')                                                                                                                                            
  exit(400)                                                                                                                                                                        
}

aes_enc

The following table describes the details about this function.

Item

Description

Syntax

aes_enc(o, s)

Description

Encrypts data by using the AES encryption algorithm.

Parameters

  • s: the plaintext to be encrypted.

  • o: the AES object returned by the aes_new function.

Return value

Returns the ciphertext after the text specified by the s parameter is encrypted.

Example

aes_conf = []                                                                                                                                                                         
plaintext = ''                                                                                                                                                                        
if and($http_mode, eq($http_mode, 'ecb-128')) {                                                                                                                                       
  set(aes_conf, 'key', 'ab8bfd9f-a1af-4ba2-bbb0-1ee520e3d8bc')                                                                                                                      
  set(aes_conf, 'salt', '1234567890')                                                                                                                                               
  set(aes_conf, 'cipher_len', 128)                                                                                                                                                  
  set(aes_conf, 'cipher_mode', 'ecb')                                                                                                                                               
  plaintext = 'hello aes ecb-128'                                                                                                                                                   
}                                                                                                                                                                                     
if and($http_mode, eq($http_mode, 'cbc-256')) {                                                                                                                                       
  set(aes_conf, 'key', '146ebcc8-392b-4b3a-a720-e7356f62')                                                                                                                          
  set(aes_conf, 'cipher_len', 256)                                                                                                                                                  
  set(aes_conf, 'cipher_mode', 'cbc')                                                                                                                                               
  set(aes_conf, 'iv', '0123456789abcdef')                                                                                                                                           
  plaintext = 'hello aes cbc-256'                                                                                                                                                   
}                                                                                                                                                                                     
if and($http_mode, eq($http_mode, 'ofb-256')) {                                                                                                                                       
  set(aes_conf, 'key', '146ebcc8-392b-4b3a-a720-e7356f62')                                                                                                                          
  set(aes_conf, 'cipher_len', 256)                                                                                                                                                  
  set(aes_conf, 'cipher_mode', 'ofb')                                                                                                                                               
  set(aes_conf, 'iv', tochar(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0))                                                                                                                      
  plaintext = 'hello aes ofb-256'                                                                                                                                                   
}                                                                                                                                                                                     

aes_obj = aes_new(aes_conf)                                                                                                                                                           
if not(aes_obj) {                                                                                                                                                                     
  say(concat('aes obj failed'))                                                                                                                                                     
  exit(400)                                                                                                                                                                         
}                                                                                                                                                                                     

ciphertext = aes_enc(aes_obj, plaintext)                                                                                                                                              
plaintext_reverse = aes_dec(aes_obj, ciphertext)                                                                                                                                      

say(concat('plain: ', plaintext))                                                                                                                                                     
say(concat('cipher: ', tohex(ciphertext)))                                                                                                                                            
say(concat('plain_reverse: ', plaintext_reverse))                                                                                                                                     

if ne(plaintext, plaintext_reverse) {                                                                                                                                                 
  say('plaintext ~= plaintext_reverse')                                                                                                                                            
  exit(400)                                                                                                                                                                        
}

aes_dec

The following table describes the details about this function.

Item

Description

Syntax

aes_dec(o, s)

Description

Decrypts data by using the AES encryption algorithm.

Parameters

  • s: the ciphertext to be decrypted.

  • o: the AES object returned by the aes_new function.

Return value

Returns the plaintext after the text specified by the s parameter is decrypted.

Example

aes_conf = []                                                                                                                                                                         
plaintext = ''                                                                                                                                                                        
if and($http_mode, eq($http_mode, 'ecb-128')) {                                                                                                                                       
  set(aes_conf, 'key', 'ab8bfd9f-a1af-4ba2-bbb0-1ee520e3d8bc')                                                                                                                      
  set(aes_conf, 'salt', '1234567890')                                                                                                                                               
  set(aes_conf, 'cipher_len', 128)                                                                                                                                                  
  set(aes_conf, 'cipher_mode', 'ecb')                                                                                                                                               
  plaintext = 'hello aes ecb-128'                                                                                                                                                   
}                                                                                                                                                                                     
if and($http_mode, eq($http_mode, 'cbc-256')) {                                                                                                                                       
  set(aes_conf, 'key', '146ebcc8-392b-4b3a-a720-e7356f62')                                                                                                                          
  set(aes_conf, 'cipher_len', 256)                                                                                                                                                  
  set(aes_conf, 'cipher_mode', 'cbc')                                                                                                                                               
  set(aes_conf, 'iv', '0123456789abcdef')                                                                                                                                           
  plaintext = 'hello aes cbc-256'                                                                                                                                                   
}                                                                                                                                                                                     
if and($http_mode, eq($http_mode, 'ofb-256')) {                                                                                                                                       
  set(aes_conf, 'key', '146ebcc8-392b-4b3a-a720-e7356f62')                                                                                                                          
  set(aes_conf, 'cipher_len', 256)                                                                                                                                                  
  set(aes_conf, 'cipher_mode', 'ofb')                                                                                                                                               
  set(aes_conf, 'iv', tochar(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0))                                                                                                                      
  plaintext = 'hello aes ofb-256'                                                                                                                                                   
}                                                                                                                                                                                     

aes_obj = aes_new(aes_conf)                                                                                                                                                           
if not(aes_obj) {                                                                                                                                                                     
  say(concat('aes obj failed'))                                                                                                                                                     
  exit(400)                                                                                                                                                                         
}                                                                                                                                                                                     

ciphertext = aes_enc(aes_obj, plaintext)                                                                                                                                              
plaintext_reverse = aes_dec(aes_obj, ciphertext)                                                                                                                                      

say(concat('plain: ', plaintext))                                                                                                                                                     
say(concat('cipher: ', tohex(ciphertext)))                                                                                                                                            
say(concat('plain_reverse: ', plaintext_reverse))                                                                                                                                     

if ne(plaintext, plaintext_reverse) {                                                                                                                                                 
  say('plaintext ~= plaintext_reverse')                                                                                                                                            
  exit(400)                                                                                                                                                                        
}

sha1

The following table describes the details about this function.

Item

Description

Syntax

sha1(s)

Description

Calculates an SHA-1 digest.

Parameters

s: the string for which you want to calculate a digest.

Return value

Returns an SHA-1 digest in the binary format.

Example

digest = sha1('hello sha')                                                                                                                                                        
say(concat('sha1:', tohex(digest)))

Output:
sha1:853789bc783a6b573858b6cc9f913afe82962956

sha2

The following table describes the details about this function.

Item

Description

Syntax

sha2(s, l)

Description

Calculates an SHA-2 digest.

Parameters

  • s: the string for which you want to calculate a digest.

  • l: the length of the SHA-2 value. Valid values: 224, 256, 384, and 512.

Return value

Returns an SHA-2 digest in the binary format.

Example

digest = sha2('hello sha2', 224)
say(concat('sha2-224:', tohex(digest)))

digest = sha2('hello sha2', 256)
say(concat('sha2-256:', tohex(digest)))

digest = sha2('hello sha2', 384)
say(concat('sha2-384:', tohex(digest)))

digest = sha2('hello sha2', 512)
say(concat('sha2-512:', tohex(digest)))

Output:
sha2-224:b24b7effcf53ce815ee7eb73c7382613aba1c334e2a1622655362927
sha2-256:af0425cee23c236b326ed1f008c9c7c143a611859a11e87d66d0a4c3217c7792
sha2-384:bebbdde9efabd4b9cf90856cf30e0b024dd13177d9367d2dcf8d7a04e059f92260f16b21e261358c2271be32086ef35b
sha2-512:a1d1aef051c198c0d26bc03500c177a315fa248cea815e04fbb9a75e5be5061617daab311c5e3d0b215dbfd4e83e73f23081242b0143dcdfce5cd92ec51394f7

hmac

The following table describes the details about this function.

Item

Description

Syntax

hmac(k, s, v)

Description

Calculates an HMAC digest.

Parameters

  • k: the key of the algorithm.

  • s: the string for which you want to calculate a digest.

  • v: the version of the algorithm. Valid values: md5, sha1, sha256, and sha512.

Return value

Returns an HMAC digest in the binary format calculated by using the corresponding algorithm.

Example

k = '146ebcc8-392b-4b3a-a720-e7356f62f87b'
v = 'hello mac'
say(concat('hmac(md5): ', tohex(hmac(k, v, 'md5'))))
say(concat('hmac(sha1): ', tohex(hmac(k, v, 'sha1'))))
say(concat('hmac(sha256): ', tohex(hmac(k, v, 'sha256'))))
say(concat('hmac(sha512): ', tohex(hmac(k, v, 'sha512'))))
say(concat('hmac_sha1(): ', tohex(hmac_sha1(k, v))))

Output:
hmac(md5): 358cbfca8ad663b547c83748de2ea778
hmac(sha1): 5555633cef48c3413b68f9330e99357df1cc3d93
hmac(sha256): 7a494543cad3b92ce1e7c4bbc86a8f5212b53e4d661f7830f455847540a85771
hmac(sha512): 59d7c07996ff675b45bd5fd40a6122bb5f40f597357a9b4a9e29da6f5c7cb806798c016fe09cb46457b6df9717d26d0af19896f72eaf4296be03e3681fea59ad
hmac_sha1(): 5555633cef48c3413b68f9330e99357df1cc3d93

hmac_sha1

The following table describes the details about this function.

Item

Description

Syntax

hmac_sha1(k, s)

Description

Calculates an HMAC-SHA-1 digest.

Parameters

  • s: the string for which you want to calculate a digest.

  • k: the HMAC-SHA-1 key.

Return value

Returns an HMAC-SHA-1 digest in the binary format.

Example

k = '146ebcc8-392b-4b3a-a720-e7356f62f87b'
v = 'hello mac'
say(concat('hmac(md5): ', tohex(hmac(k, v, 'md5'))))
say(concat('hmac(sha1): ', tohex(hmac(k, v, 'sha1'))))
say(concat('hmac(sha256): ', tohex(hmac(k, v, 'sha256'))))
say(concat('hmac(sha512): ', tohex(hmac(k, v, 'sha512'))))
say(concat('hmac_sha1(): ', tohex(hmac_sha1(k, v))))

Output:
hmac(md5): 358cbfca8ad663b547c83748de2ea778
hmac(sha1): 5555633cef48c3413b68f9330e99357df1cc3d93
hmac(sha256): 7a494543cad3b92ce1e7c4bbc86a8f5212b53e4d661f7830f455847540a85771
hmac(sha512): 59d7c07996ff675b45bd5fd40a6122bb5f40f597357a9b4a9e29da6f5c7cb806798c016fe09cb46457b6df9717d26d0af19896f72eaf4296be03e3681fea59ad
hmac_sha1(): 5555633cef48c3413b68f9330e99357df1cc3d93

md5

The following table describes the details about this function.

Item

Description

Syntax

md5(s)

Description

Calculates an MD5 digest.

Parameters

s: the string for which you want to calculate a digest.

Return value

Returns an MD5 digest in the hexadecimal format.

Example

say(concat('md5: ', md5('hello md5')))

Output:
md5: 741fc6b1878e208346359af502dd11c5

md5_bin

The following table describes the details about this function.

Item

Description

Syntax

md5_bin(s)

Description

Calculates an MD5 digest.

Parameters

s: the string for which you want to calculate a digest.

Return value

Returns an MD5 digest in the binary format.

Example

say(concat('md5_bin: ', tohex(md5_bin('hello md5'))))

Output:
md5_bin: 741fc6b1878e208346359af502dd11c5