logo标签列表

AES CBC加密/解密仅解密前16个字节。

c++opensslaes
5
我正在使用AES CBC和openssl进行一些工作,目前,我遇到了一个问题,无法猜测出错在哪里(像往常一样)。
如果消息长度小于16个字节,则加密和解密过程正常工作,但是当消息大于16个字节时,解密仅适用于前16个字节。
当我调用时,输出为:
Using:
IVector   = |000102030405060708090a0b0c0d0e0f|
Key       = |737461636b6f766572666c6f770d0e0f101112131415161718191a1b1c1d1e1f|
Encrypted = |6c65219594c0dae778f9b5e84f018db6|

Encrypting : stackoverflow
With Key   : stackoverflow
Becomes    :  ??????¤le!òö++þx¨ÁÞO?ìÂ.

Using:
IVector   = |000102030405060708090a0b0c0d0e0f|
Key       = |737461636b6f766572666c6f770d0e0f101112131415161718191a1b1c1d1e1f|
Decrypted = |737461636b6f766572666c6f77|

Decrypting :  ??????¤le!òö++þx¨ÁÞO?ìÂ
With Key   : stackoverflow
Becomes    : stackoverflow

当我执行 aes.exe stackoverflowstackoverflow stackoverflow 命令时,输出的结果如下:
Using:
IVector   = |000102030405060708090a0b0c0d0e0f|
Key       = |737461636b6f766572666c6f770d0e0f101112131415161718191a1b1c1d1e1f|
Encrypted = |46172e3f7fabdcfc6c8b3e65aef175cddf8164236faf706112c15f5e765e49a5|

Encrypting : stackoverflowstackoverflow
With Key   : stackoverflow
Becomes    :  ??????¤F?.?¦½_³lï>e«±u-¯üd#o»pa?-_^v^IÑ.

Using:
IVector   = |000102030405060708090a0b0c0d0e0f|
Key       = |737461636b6f766572666c6f770d0e0f101112131415161718191a1b1c1d1e1f|
Decrypted = |737461636b6f766572666c6f77737461257d434a1edcbc970bf5346ea2fc7bc2|

Decrypting :  ??????¤F?.?¦½_³lï>e«±u-¯üd#o»pa?-_^v^IÑ
With Key   : stackoverflow
Becomes    : stackoverflowsta%}CJ?_+ù?§4nó³{-.

我为每个加密/解密调用提供一个随机的初始向量,并在两种情况下将密码标准化为32字节;我还缺少什么?有人知道吗?

源代码:

#include <vector>
#include <string>
#include <iostream>

// Make a Key of exactly 32 bytes, truncates or adds values if it's necessary
std::string AES_NormalizeKey(const void *const apBuffer, size_t aSize)
{
    static const unsigned char key32[] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31};
    const char *const Buffer = reinterpret_cast<const char *>(apBuffer);
    std::string Result(reinterpret_cast<const char *>(key32), 32);
    std::copy(Buffer, Buffer + ((aSize < 32)? aSize: 32), Result.begin());
    return Result;
}

// Encrypt using AES cbc
std::string AESEncrypt(const void *const apBuffer, size_t aBufferSize, const void *const apKey, size_t aKeySize, std::string &aIVector)
{
    // Create IVector.
    unsigned char AES_IVector[16] = {0};
    std::srand(static_cast<int>(time(NULL)));
    std::generate(std::begin(AES_IVector), std::end(AES_IVector), std::rand);
    std::copy(std::begin(AES_IVector), std::end(AES_IVector), aIVector.begin());

    // Create key.
    const std::string Key(AES_NormalizeKey(apKey, aKeySize));
    AES_KEY EncryptKey;
    AES_set_encrypt_key(reinterpret_cast<const unsigned char *>(Key.c_str()), 256, &EncryptKey);

    // Encrypt.
    unsigned char AES_Encrypted[1024] = {0};
    AES_cbc_encrypt(static_cast<const unsigned char *>(apBuffer), AES_Encrypted, aBufferSize, &EncryptKey, AES_IVector, AES_ENCRYPT);
    const std::string Encrypted(reinterpret_cast<const char *>(AES_Encrypted), ((aBufferSize / 16) + 1) * 16);

    // Finish.
    return Encrypted;
};

// Decrypt using AES cbc
std::string AESDecrypt(const void *const apBuffer, size_t aBufferSize, const void *const apKey, size_t aKeySize, std::string &aIVector)
{
    // Read IVector.
    unsigned char AES_IVector[16] = {0};
    std::copy(aIVector.begin(), aIVector.end(), std::begin(AES_IVector));

    // Create Key.
    const std::string Key(AES_NormalizeKey(apKey, aKeySize));
    AES_KEY DecryptKey;
    AES_set_decrypt_key(reinterpret_cast<const unsigned char *>(Key.c_str()), 256, &DecryptKey);

    // Decrypt.
    unsigned char AES_Decrypted[1024] = {0};
    AES_cbc_encrypt(static_cast<const unsigned char *>(apBuffer), AES_Decrypted, aBufferSize, &DecryptKey, AES_IVector, AES_DECRYPT);
    const std::string Decrypted(reinterpret_cast<const char *>(AES_Decrypted));

    // Finish.
    return Decrypted;
};

// Entry point
int main(unsigned int argc, char **argv)
{
    typedef std::vector<const std::string> vs;
    vs a;

    for (vs::size_type Index = 0; Index < argc; ++Index)
    {
        a.push_back(argv[Index]);
    }

    if (a.size() == 3)
    {
        std::string IV("");

        std::string e(AESEncrypt(a.at(1).c_str(), a.at(1).size(), a.at(2).c_str(), a.at(2).size()), IV);
            std::cout << "Encrypting : " << a.at(1) << "\n"
                      << "With Key   : " << a.at(2) << "\n"
                      << "Becomes    : " << e << ".\n";

        std::string d(AESDecrypt(e.c_str(), e.size(), a.at(2).c_str(), a.at(2).size()), IV);
            std::cout << "Decrypting : " << e << "\n"
                      << "With Key   : " << a.at(2) << "\n"
                      << "Becomes    : " << d << ".\n";
    }

    return 0;
}
你不应该使用 AES_encrypt 和相关函数,而应该使用 EVP_* 函数。请参考 OpenSSL wiki 上的 EVP Symmetric Encryption and Decryption。事实上,你应该使用认证加密,因为它提供了*机密性和真实性两个方面的保护。请参考 OpenSSL wiki 上的 EVP Authenticated Encryption and Decryption - jww
2个回答
6
您的代码基本正确,除了初始化向量因内存损坏而被覆盖、密文长度被错误地四舍五入以及在将std::string用作字节数组时应该使用std::string::data()而不是std::string::c_str()。初始化向量被复制到空字符串中,从而覆盖了栈。然后初始化向量被覆盖,因此AESDecrypt使用了不同的值。我已经包含了源代码,其中包含了indiv的建议并修复了这些问题。当使用
aes "Hello World!" stackoverflow
运行时,它会产生以下输出:
#include <vector>
#include <string>
#include <iostream>
#include <iomanip>
#include <algorithm>
#include <initializer_list>
#include <openssl/aes.h>

typedef unsigned char byte;

template <size_t multiple> size_t round_up(const size_t len)
{
    if (len % multiple == 0) return len;
    else return ((len / multiple) + 1) * multiple;
}

std::ostream &print_buffer_as_hex(std::ostream &o, const unsigned char *buf, size_t size)
{
    o << std::hex << std::setfill('0');
    for( size_t i = 0; i < size; ++i )
    {
        o << std::setw(2) << static_cast<unsigned int>(buf[i]);
    }
    return o << std::dec;
}

inline std::ostream &operator<<(std::ostream &o, const std::vector<byte> &buf)
{
    return print_buffer_as_hex(o, reinterpret_cast<const unsigned char*>(&buf[0]), buf.size());
}

// Make a Key of exactly 32 bytes, truncates or adds values if it's necessary
std::string AES_NormalizeKey(const void *const apBuffer, size_t aSize)
{
    static const unsigned char key32[] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31};
    const char *const Buffer = reinterpret_cast<const char *>(apBuffer);
    std::string Result(reinterpret_cast<const char *>(key32), 32);
    std::copy(Buffer, Buffer + ((aSize < 32)? aSize: 32), Result.begin());
    return Result;
}

// Encrypt using AES cbc
std::string AESEncrypt(const void *const apBuffer, size_t aBufferSize, const void *const apKey, size_t aKeySize, std::vector<byte> &aIVector)
{
    // Create IVector.
    unsigned char AES_IVector[AES_BLOCK_SIZE] = {0};
    std::srand(static_cast<int>(time(NULL)));
    std::generate(std::begin(AES_IVector), std::end(AES_IVector), std::rand);
    aIVector.resize(sizeof(AES_IVector));
    std::copy(std::begin(AES_IVector), std::end(AES_IVector), aIVector.begin());

    // Create key.
    const std::string Key(AES_NormalizeKey(apKey, aKeySize));
    std::cout << "(Normalized key: ";
    print_buffer_as_hex(std::cout, (const unsigned char*)Key.data(), Key.size()) << ")\n";
    AES_KEY EncryptKey;
    AES_set_encrypt_key(reinterpret_cast<const unsigned char *>(Key.data()), 256, &EncryptKey);

    // Encrypt.
    unsigned char AES_Encrypted[1024] = {0};
    AES_cbc_encrypt(static_cast<const unsigned char *>(apBuffer), AES_Encrypted, aBufferSize, &EncryptKey, AES_IVector, AES_ENCRYPT);
    const std::string Encrypted(reinterpret_cast<const char *>(AES_Encrypted), round_up<AES_BLOCK_SIZE>(aBufferSize));

    // Finish.
    return Encrypted;
};

// Decrypt using AES cbc
std::string AESDecrypt(const void *const apBuffer, size_t aBufferSize, const void *const apKey, size_t aKeySize, std::vector<byte> &aIVector)
{
    // Read IVector.
    unsigned char AES_IVector[AES_BLOCK_SIZE] = {0};
    std::copy(aIVector.begin(), aIVector.end(), std::begin(AES_IVector));

    // Create Key.
    const std::string Key(AES_NormalizeKey(apKey, aKeySize));
    std::cout << "(Normalized key: ";
    print_buffer_as_hex(std::cout, (const unsigned char*)Key.data(), Key.size()) << ")\n";
    AES_KEY DecryptKey;
    AES_set_decrypt_key(reinterpret_cast<const unsigned char *>(Key.data()), 256, &DecryptKey);

    // Decrypt.
    unsigned char AES_Decrypted[1024] = {0};
    AES_cbc_encrypt(static_cast<const unsigned char *>(apBuffer), AES_Decrypted, aBufferSize, &DecryptKey, AES_IVector, AES_DECRYPT);
    const std::string Decrypted(reinterpret_cast<const char *>(AES_Decrypted));

    // Finish.
    return Decrypted;
};

// Entry point
int main(int argc, char **argv)
{
    typedef std::vector<std::string> vs;
    vs a;

    for (vs::size_type Index = 0; Index < static_cast<unsigned>(argc); ++Index)
    {
        a.push_back(argv[Index]);
    }

    if (a.size() == 3)
    {
        std::vector<byte> IV;

        std::string e(AESEncrypt(a.at(1).data(), a.at(1).size(), a.at(2).data(), a.at(2).size(), IV));
            std::cout << "Encrypting : " << a.at(1) << "\n"
                      << "With Key   : " << a.at(2) << "\n"
                      << "Init Vec   : " << IV << "\n"
                      << "Becomes    : " << e << "\n";

        std::string d(AESDecrypt(e.data(), e.size(), a.at(2).data(), a.at(2).size(), IV));
            std::cout << "Decrypting : " << e << "\n"
                      << "With Key   : " << a.at(2) << "\n"
                      << "Init Vec   : " << IV << "\n"
                      << "Becomes    : " << d << "\n";
    }
    std::cout.flush();

    return 0;
}
太好了!我已经测试过了,现在正常运行!至于四舍五入,我几天前已经修复了(但由于话题看起来已经过时了,我没有提到),但使用 data 而不是 c_str 是一个非常好的点! - PaperBirdMaster
1
我很高兴能够帮忙!一个小小的澄清:在这种情况下,写入空字符串是否会覆盖堆栈取决于实现。大多数std::string实现使用“小字符串优化”(即在对象内部存储小字符串),因此我认为这就是这里发生的事情。 - apokluda
0

我没有一个确切的答案,但这里有一个提示,它不适合在评论中提供。加密和解密需要相同的密钥和IV才能工作。加密函数的输出必须进入解密函数的输入。

因此,要调试您的问题,您需要打印出加密函数的输入并打印其输出。然后,您需要打印解密函数的输入数据并打印其输出。纯文本是做不到这一点的,因为您无法看到字节的真实内容。因此,请将密钥、IV和数据打印为十六进制值。

#include <iostream>
#include <iomanip>
...
std::ostream &print_buffer_as_hex(std::ostream &o, const unsigned char *buf, size_t size)
{
    for( int i = 0; i < size; ++i )
    {
        o << std::hex << std::setw(2) << std::setfill('0') << static_cast<unsigned int>(buf[i]) << std::dec;
    }
    o << "\n";

    return o;
}

这样调用:

print_buffer_as_hex(std::cout, reinterpret_cast<const char *>(AES_Encrypted), ((aBufferSize / 16) + 1) * 16);

我会使用std::vector<unsigned char>来代替std::string来存储任意字节。可以通过构造函数或resize()方法(注意是resize()而不是reserve())设置所需的空间大小。如果调用需要unsigned char *参数的API函数,只需传递&vec[0],其中vec是您的向量对象。这样您的代码看起来会更加简洁。

E.g.,

std::vector<unsigned char> iv(16);
std::srand(static_cast<int>(time(NULL)));
std::generate(iv.begin(), iv.end(), std::rand);

print_buffer_as_hex(std::cout, &iv[0], iv.size());
构建std::string Encrypted不是问题,我知道std::string构造函数中的n参数以及((aBufferSize / 16) + 1) * 16)的存在是有意义的,因为AES加密总是创建16字节数据的多个块,所以如果消息是12字节,则加密为16字节,如果消息是17字节的数据,则加密为32字节。我会按照建议将中间字节转换为十六进制。 - PaperBirdMaster
@PaperBirdMaster:今天我学到了新东西。我完全错误地理解了std::string构造函数在处理二进制数据和n参数时的工作方式。感谢您指出这一点,我已相应地编辑了我的答案。 - indiv
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接