2

我在 PHP 和 C++ 中都有一个类,可以简单地采用一个值字符串和盐字符串来为隐私做一些盐渍。这个想法是一个 PHP 脚本将加密一个 C++ 程序接收和解密的字符串。他们使用预先共享的盐串,同步模式。

问题在于似乎相同的逻辑,它们为加密相同的字符串生成了不同的结果。这意味着解密字符串的任一端都不会导致给出它的原始字符串。

这可能是我错过或犯错的非常简单的事情。或者可能它与使用字符编码的 PHP 有关,因为 C++ 是原始比特流。PHP 脚本设置为使用纯文本输出,使用“us-ascii”编码。

这是 PHP 类:

define( 'NUM_STRINGS', 256 );

class CTwEncryption
{
    function Crypt( $szValue, $szSalt )
    {
        $iValueSize = (int)strlen( $szValue );
        $iSaltSize  = (int)strlen( $szSalt );

        $szStrings  = array();
        $szKeys     = array();

        $j = 1;

        // Init array of 0-255
        for ( $i = 0; $i < NUM_STRINGS; $i++ )
            $szStrings[ $i ] = $i;

        // Init array of 0-255 with a calculated char value
        for ( $i = 0; $i < NUM_STRINGS; $i++ )
        {
            if ( $j > $iSaltSize )
                $j = 1;

            $szKeys[ $i ] = ord( substr( $szSalt, $j, 1 ) );
            $j++;
        }

        // Shuffle the array values around to give a random value
        $j = 0;
        for ( $i = 0; $i < NUM_STRINGS; $i++ )
        {
            $j = ( $j + $szStrings[ $i ] + $szKeys[ $i ] ) % NUM_STRINGS;

            $szTemp = $szStrings[ $i ];
            $szStrings[ $i ] = $szStrings[ $j ];
            $szStrings[ $j ] = $szTemp;
        }

        // Encrypt/decrypt the string
        $szReturnValue = null;
        $i = 0;
        $j = 0;

        for ( $x = 0; $x < $iValueSize; $x++ )
        {
            $i = ( $i + 1 ) % NUM_STRINGS;
            $j = ( $j + $szStrings[ $i ] ) % NUM_STRINGS;

            $szTemp = $szStrings[ $i ];
            $szStrings[ $i ] = $szStrings[ $j ];
            $szStrings[ $j ] = $szTemp;

            $t = ( $szStrings[ $i ] + ( $szStrings[ $j ] % NUM_STRINGS ) ) % NUM_STRINGS;
            $y = $szStrings[ $t ];

            $cCrypt = chr( substr( $szValue, $x, 1 ) ^ $y );
            $szReturnValue .= $cCrypt;
        }

        // Return encrypted/decrypted string
        return $szReturnValue;
    }
}

这是 C++ 类:

#define NUM_STRINGS 256

class CTwEncryption
{
private:
    char    *szWorking;

public:
    CTwEncryption()     { szWorking = NULL; };
    ~CTwEncryption()    { if ( szWorking != NULL ) { delete szWorking; szWorking = NULL; } };

    char *Crypt( const char szValue[], const char szSalt[] )
    {
        const int iValueSize = (int)strlen( szValue );
        const int iSaltSize = (int)strlen( szSalt );

        if ( iValueSize == 0 || iSaltSize == 0 )
            return NULL;

        int j = 1;

        char *szStrings[ NUM_STRINGS ];
        char *szKeys[ NUM_STRINGS ];

        // Init array of 0-255
        for ( int i = 0; i < NUM_STRINGS; i++ )
        {
            char *szString = new char[ iValueSize + 1 ];

            itoa( i, szString, 10 );
            szString[ iValueSize ] = 0;

            szStrings[ i ] = szString;
        }

        // Init array of 0-255 with a calculated char value
        for ( int i = 0; i < NUM_STRINGS; i++ )
        {
            char *szKey = new char[ iValueSize + 1 ];

            if ( j > iSaltSize )
                j = 1;

            itoa( (int)( szSalt[ j ] ), szKey, 10 );
            szKey[ iValueSize ] = 0;

            szKeys[ i ] = szKey;
            j++;
        }

        // Shuffle the array values around to give a random value
        j = 0;
        for ( int i = 0; i < NUM_STRINGS; i++ )
        {
            j = ( j + atoi( szStrings[ i ] ) + atoi( szKeys[ i ] ) ) % NUM_STRINGS;

            char *szTemp = szStrings[ i ];
            szStrings[ i ] = szStrings[ j ];
            szStrings[ j ] = szTemp;
        }

        // Encrypt/decrypt the string
        szWorking = new char[ iValueSize + 1 ];
        for ( int i = 0; i <= iValueSize; i++ )
            szWorking[ i ] = 0;

        int i = 0;
        j = 0;

        for ( int x = 0; x <= iValueSize; x++ )
        {
            i = ( i + 1 ) % NUM_STRINGS;
            j = ( j + atoi( szStrings[ i ] ) ) % NUM_STRINGS;

            char *szTemp = szStrings[ i ];
            szStrings[ i ] = szStrings[ j ];
            szStrings[ j ] = szTemp;

            int t = ( atoi( szStrings[ i ] ) + ( atoi( szStrings[ j ] ) % NUM_STRINGS ) ) % NUM_STRINGS;
            int y = atoi( szStrings[ t ] );

            char cCrypt = char( (int)( szValue[ x ] ) ^ y );
            szWorking[ x ] = cCrypt;
        }

        // Clean dynamic memory
        for ( int i = 0; i < NUM_STRINGS; i++ )
        {
            delete szStrings[ i ];
            delete szKeys[ i ];

            szStrings[ i ] = NULL;
            szKeys[ i ] = NULL;
        }

        // Return encrypted/decrypted string
        szWorking[ iValueSize ] = 0;
        return szWorking;
    }
};

任何帮助将不胜感激,谢谢:)

4

2 回答 2

1

我不确定,但也许使用mb_*函数会有所帮助:

  • 而不是strlen使用mb_strlen
  • 而不是substr使用mb_substr

要么只给它值,要么给它编码(但mb_*如果没有提供,每个函数都应该检查字符串编码)。

于 2012-05-03T12:59:25.463 回答
0

想通了。看起来我需要通过 HTTP PUT 请求将输入发送到 PHP 脚本,并使用 fopen("php://input", "rb") 读取它。看起来 PHP 没有以二进制安全的方式处理任何东西。同样在 C++ 和 PHP 上,我都将每个字符视为一个整数,这应该允许在二进制安全模式下正确处理 UTF-32 字符串。

这是我的 C++ 类,我在“twencrypt.h”中有我的:

#ifndef TWCRYPT_H
#define TWCRYPT_H

/***
*
*   Two-way string encryption
*   This will encrypt/decrypt a string using a salt.
*
*   -AdamR
*
****/

#define NUM_STRINGS 256

class CTwEncryption
{
private:
    char    *szWorking;

public:
    CTwEncryption()     { szWorking = NULL; };
    ~CTwEncryption()    { if ( szWorking != NULL ) { delete szWorking; szWorking = NULL; } };

    char *Crypt( const char szValue[], const char szSalt[] )
    {
        const int iValueSize = (int)strlen( szValue );
        const int iSaltSize = (int)strlen( szSalt );

        if ( iValueSize < 1 || iSaltSize <  1 )
            return NULL;

        int j = 1;

        int iChars[ NUM_STRINGS ];
        int iKeys[ NUM_STRINGS ];

        // Init array of 0-255
        for ( int i = 0; i < NUM_STRINGS; i++ )
            iChars[ i ] = i;

        // Init array of 0-255 with a calculated char value
        for ( int i = 0; i < NUM_STRINGS; i++ )
        {
            if ( j > iSaltSize )
                j = 1;

            iKeys[ i ] = szSalt[ j ];
            j++;
        }

        // Shuffle the array values around to give a random value
        j = 0;
        for ( int i = 0; i < NUM_STRINGS; i++ )
        {
            j = ( j + iChars[ i ] + iKeys[ i ] ) % NUM_STRINGS;

            int iTemp = iChars[ i ];
            iChars[ i ] = iChars[ j ];
            iChars[ j ] = iTemp;
        }

        // Encrypt/decrypt the string
        szWorking = new char[ iValueSize + 1 ];
        for ( int i = 0; i <= iValueSize; i++ )
            szWorking[ i ] = 0;

        int i = 0;
        j = 0;

        for ( int x = 0; x <= iValueSize; x++ )
        {
            i = ( i + 1 ) % NUM_STRINGS;
            j = ( j + iChars[ i ] ) % NUM_STRINGS;

            int iTemp = iChars[ i ];
            iChars[ i ] = iChars[ j ];
            iChars[ j ] = iTemp;

            int t = ( iChars[ i ] + ( iChars[ j ] % NUM_STRINGS ) ) % NUM_STRINGS;
            int y = iChars[ t ];

            char cCrypt = char( (int)( szValue[ x ] ) ^ y );
            szWorking[ x ] = cCrypt;
        }

        // Return encrypted/decrypted string
        szWorking[ iValueSize ] = 0;
        return szWorking;
    }
};

#endif

由于它返回一个 char 指针,我建议您使用 strcpy() 将其放在安全的地方。这是一个示例,请记住完全相同的代码也用于解密字符串。

const char *szString = "My string to encrypt";
const char *szSalt   = "Some salt here :D";
int iStringSize      = (int)strlen( szString );

char *szEncrypted = new char( iStringSize ) + 1 );
CTwEncryption *pTwCrypt = new CTwEncryption();
strcpy( szEncrypted, pTwCrypt->Crypt( szString, szSalt );
szEncrypted[ iStringSize ] = 0;
delete pTwCrypt;

这是我的 PHP 类:

<?php
    define( 'NUM_STRINGS', 256 );

    class CTwEncryption
    {
        function Crypt( $szValue, $szSalt )
        {
            $iValueSize = strlen( $szValue );
            $iSaltSize  = strlen( $szSalt );

            if ( $iValueSize == 0 || $iSaltSize == 0 )
                return null;

            $j = 1;

            $iChars = array();
            $iKeys  = array();

            // Init array of 0-255
            for ( $i = 0; $i < NUM_STRINGS; $i++ )
                $iChars[ $i ] = $i;

            // Init array of 0-255 with a calculated char value
            for ( $i = 0; $i < NUM_STRINGS; $i++ )
            {
                if ( $j > $iSaltSize )
                    $j = 1;

                $iKeys[ $i ] = ord( $szSalt[ $j ] );
                $j++;
            }

            // Shuffle the array values around to give a random value
            $j = 0;
            for ( $i = 0; $i < NUM_STRINGS; $i++ )
            {
                $j = ( $j + $iChars[ $i ] + $iKeys[ $i ] ) % NUM_STRINGS;

                $iTemp = $iChars[ $i ];
                $iChars[ $i ] = $iChars[ $j ];
                $iChars[ $j ] = $iTemp;
            }

            // Encrypt/decrypt the string
            $szReturnValue = null;
            $i = 0;
            $j = 0;

            for ( $x = 0; $x < $iValueSize; $x++ )
            {
                $i = ( $i + 1 ) % NUM_STRINGS;
                $j = ( $j + $iChars[ $i ] ) % NUM_STRINGS;

                $iTemp = $iChars[ $i ];
                $iChars[ $i ] = $iChars[ $j ];
                $iChars[ $j ] = $iTemp;

                $t = ( $iChars[ $i ] + ( $iChars[ $j ] % NUM_STRINGS ) ) % NUM_STRINGS;
                $y = $iChars[ $t ];

                $iValue = str_split( $szValue );
                for ( $c = 0; $c < $iValueSize; $c++ )
                    $iValue[ $c ] = ord( $iValue[ $c ] );

                $cCrypt = chr( $iValue[ $x ] ^ $y );
                $szReturnValue .= $cCrypt;
            }

            // Return encrypted/decrypted string
            return $szReturnValue;
        }
    }

    $c_TwEncryption = new CTwEncryption;
?>

这个更容易使用。很简单:

$szString    = "My string to hide lollercoaster";
$szSalt      = "super duper password of doom";

$szEncrypted = $c_TwEncryption->Crypt( $szString, $szSalt );
$szDecrypted = $c_TwEncryption->Crypt( $szEncrypted, $szSalt );

请记住,您不应通过 HTTP GET 或 POST 请求定义 $szString 或 $szSalt(PHP 端)。安全并使用 PUT 请求,并像这样阅读它:

$szString = null;
$hInData = fopen( "php://input", "rb" ) || die( "Unable to open HTTP PUT handle." );

if( $hInData != null )
{
    while ( $bData = fread( $hRequest, 1024 ) )
        $szString .= $bData;
}
else
    die( "Unable to read HTTP PUT data." );

fClose( $hInData ) || die( "Unable to close HTTP PUT handle." );

if( $szString == null || empty( $szString ) )
    die( "No data read from HTTP PUT stream." );

享受。

于 2012-06-26T19:57:29.857 回答