我正在使用AES CBC和openssl进行一些工作,目前,我遇到了一个问题,无法猜测出错在哪里(像往常一样)。
如果消息长度小于16个字节,则加密和解密过程正常工作,但是当消息大于16个字节时,解密仅适用于前16个字节。
当我调用时,输出为:
当我执行
如果消息长度小于16个字节,则加密和解密过程正常工作,但是当消息大于16个字节时,解密仅适用于前16个字节。
当我调用时,输出为:
Using:
IVector = |000102030405060708090a0b0c0d0e0f|
Key = |737461636b6f766572666c6f770d0e0f101112131415161718191a1b1c1d1e1f|
Encrypted = |6c65219594c0dae778f9b5e84f018db6|
Encrypting : stackoverflow
With Key : stackoverflow
Becomes : ??????¤le!òö++þx¨ÁÞO?ìÂ.
Using:
IVector = |000102030405060708090a0b0c0d0e0f|
Key = |737461636b6f766572666c6f770d0e0f101112131415161718191a1b1c1d1e1f|
Decrypted = |737461636b6f766572666c6f77|
Decrypting : ??????¤le!òö++þx¨ÁÞO?ìÂ
With Key : stackoverflow
Becomes : stackoverflow
当我执行
aes.exe stackoverflowstackoverflow stackoverflow
命令时,输出的结果如下:Using:
IVector = |000102030405060708090a0b0c0d0e0f|
Key = |737461636b6f766572666c6f770d0e0f101112131415161718191a1b1c1d1e1f|
Encrypted = |46172e3f7fabdcfc6c8b3e65aef175cddf8164236faf706112c15f5e765e49a5|
Encrypting : stackoverflowstackoverflow
With Key : stackoverflow
Becomes : ??????¤F?.?¦½_³lï>e«±u-¯üd#o»pa?-_^v^IÑ.
Using:
IVector = |000102030405060708090a0b0c0d0e0f|
Key = |737461636b6f766572666c6f770d0e0f101112131415161718191a1b1c1d1e1f|
Decrypted = |737461636b6f766572666c6f77737461257d434a1edcbc970bf5346ea2fc7bc2|
Decrypting : ??????¤F?.?¦½_³lï>e«±u-¯üd#o»pa?-_^v^IÑ
With Key : stackoverflow
Becomes : stackoverflowsta%}CJ?_+ù?§4nó³{-.
我为每个加密/解密调用提供一个随机的初始向量,并在两种情况下将密码标准化为32字节;我还缺少什么?有人知道吗?
源代码:
#include <vector>
#include <string>
#include <iostream>
// Make a Key of exactly 32 bytes, truncates or adds values if it's necessary
std::string AES_NormalizeKey(const void *const apBuffer, size_t aSize)
{
static const unsigned char key32[] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31};
const char *const Buffer = reinterpret_cast<const char *>(apBuffer);
std::string Result(reinterpret_cast<const char *>(key32), 32);
std::copy(Buffer, Buffer + ((aSize < 32)? aSize: 32), Result.begin());
return Result;
}
// Encrypt using AES cbc
std::string AESEncrypt(const void *const apBuffer, size_t aBufferSize, const void *const apKey, size_t aKeySize, std::string &aIVector)
{
// Create IVector.
unsigned char AES_IVector[16] = {0};
std::srand(static_cast<int>(time(NULL)));
std::generate(std::begin(AES_IVector), std::end(AES_IVector), std::rand);
std::copy(std::begin(AES_IVector), std::end(AES_IVector), aIVector.begin());
// Create key.
const std::string Key(AES_NormalizeKey(apKey, aKeySize));
AES_KEY EncryptKey;
AES_set_encrypt_key(reinterpret_cast<const unsigned char *>(Key.c_str()), 256, &EncryptKey);
// Encrypt.
unsigned char AES_Encrypted[1024] = {0};
AES_cbc_encrypt(static_cast<const unsigned char *>(apBuffer), AES_Encrypted, aBufferSize, &EncryptKey, AES_IVector, AES_ENCRYPT);
const std::string Encrypted(reinterpret_cast<const char *>(AES_Encrypted), ((aBufferSize / 16) + 1) * 16);
// Finish.
return Encrypted;
};
// Decrypt using AES cbc
std::string AESDecrypt(const void *const apBuffer, size_t aBufferSize, const void *const apKey, size_t aKeySize, std::string &aIVector)
{
// Read IVector.
unsigned char AES_IVector[16] = {0};
std::copy(aIVector.begin(), aIVector.end(), std::begin(AES_IVector));
// Create Key.
const std::string Key(AES_NormalizeKey(apKey, aKeySize));
AES_KEY DecryptKey;
AES_set_decrypt_key(reinterpret_cast<const unsigned char *>(Key.c_str()), 256, &DecryptKey);
// Decrypt.
unsigned char AES_Decrypted[1024] = {0};
AES_cbc_encrypt(static_cast<const unsigned char *>(apBuffer), AES_Decrypted, aBufferSize, &DecryptKey, AES_IVector, AES_DECRYPT);
const std::string Decrypted(reinterpret_cast<const char *>(AES_Decrypted));
// Finish.
return Decrypted;
};
// Entry point
int main(unsigned int argc, char **argv)
{
typedef std::vector<const std::string> vs;
vs a;
for (vs::size_type Index = 0; Index < argc; ++Index)
{
a.push_back(argv[Index]);
}
if (a.size() == 3)
{
std::string IV("");
std::string e(AESEncrypt(a.at(1).c_str(), a.at(1).size(), a.at(2).c_str(), a.at(2).size()), IV);
std::cout << "Encrypting : " << a.at(1) << "\n"
<< "With Key : " << a.at(2) << "\n"
<< "Becomes : " << e << ".\n";
std::string d(AESDecrypt(e.c_str(), e.size(), a.at(2).c_str(), a.at(2).size()), IV);
std::cout << "Decrypting : " << e << "\n"
<< "With Key : " << a.at(2) << "\n"
<< "Becomes : " << d << ".\n";
}
return 0;
}
AES_encrypt
和相关函数,而应该使用EVP_*
函数。请参考 OpenSSL wiki 上的 EVP Symmetric Encryption and Decryption。事实上,你应该使用认证加密,因为它提供了*机密性和真实性两个方面的保护。请参考 OpenSSL wiki 上的 EVP Authenticated Encryption and Decryption。 - jww