7

我想加密一个包含少量字符串的结构,然后解密它。我尝试了以下代码。原始代码是从网上找到的,它运行良好。我将它的输入更改为结构。以下是代码。

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <openssl/aes.h>
#include <openssl/rand.h>

typedef struct ticket { /* test field */
int ticketId;
char username[20];
    char date[20];
} USR_TICKET;

// a simple hex-print routine. could be modified to print 16 bytes-per-line
static void hex_print(const void* pv, size_t len)
{
const unsigned char * p = (const unsigned char*)pv;
if (NULL == pv)
    printf("NULL");
else
{
    size_t i = 0;
    for (; i<len;++i)
        printf("%02X ", *p++);
}
printf("\n");
}

// main entrypoint
int main(int argc, char **argv)
{
    int keylength;
    printf("Give a key length [only 128 or 192 or 256!]:\n");
    scanf("%d", &keylength);

    /* generate a key with a given length */
    unsigned char aes_key[keylength/8];
    memset(aes_key, 0, keylength/8);
    if (!RAND_bytes(aes_key, keylength/8))
        exit(-1);

    /* input struct creation */
    size_t inputslength = sizeof(USR_TICKET);
    USR_TICKET ticket;
    ticket.ticketId = 1;
    time_t now = time(NULL);
    strftime(ticket.date, 20, "%Y-%m-%d", localtime(&now));
    strcpy(ticket.username, "ravinda");

    printf("Username - %s\n", ticket.username);
    printf("Ticket Id - %d\n", ticket.ticketId);
    printf("Date - %s\n", ticket.date);

    /* init vector */
    unsigned char iv_enc[AES_BLOCK_SIZE], iv_dec[AES_BLOCK_SIZE];
    RAND_bytes(iv_enc, AES_BLOCK_SIZE);
    memcpy(iv_dec, iv_enc, AES_BLOCK_SIZE);

    // buffers for encryption and decryption
    const size_t encslength = ((inputslength + AES_BLOCK_SIZE) / AES_BLOCK_SIZE) * AES_BLOCK_SIZE;
    unsigned char enc_out[encslength];
    unsigned char dec_out[inputslength];
    memset(enc_out, 0, sizeof(enc_out));
    memset(dec_out, 0, sizeof(dec_out));

    // so i can do with this aes-cbc-128 aes-cbc-192 aes-cbc-256
    AES_KEY enc_key, dec_key;
    AES_set_encrypt_key(aes_key, keylength, &enc_key);
    AES_cbc_encrypt((unsigned char *)&ticket, enc_out, inputslength, &enc_key, iv_enc, AES_ENCRYPT);

    AES_set_decrypt_key(aes_key, keylength, &dec_key);
    AES_cbc_encrypt(enc_out, dec_out, encslength, &dec_key, iv_dec, AES_DECRYPT);

    printf("original:\t");
    hex_print((unsigned char *)&ticket, inputslength);

    printf("encrypt:\t");
    hex_print(enc_out, sizeof(enc_out));

    printf("decrypt:\t");
    hex_print(dec_out, sizeof(dec_out));

    USR_TICKET * dyc = (USR_TICKET *)dec_out;
    printf("Username - %s\n", dyc->username);
    printf("Ticket Id - %d\n", dyc->ticketId);
    printf("Date - %s\n", dyc->date);
    return 0;
}

问题只是结构的前两个成员正确解密。之后数据被破坏。我在这里做错了什么?

4

4 回答 4

10

几乎可以说这是 OpenSSL 的一个问题。似乎当length传递给的参数AES_cbc_encrypt是 >AES_BLOCK_SIZE但不是其整数倍(即length mod AES_BLOCK_SIZE != 0)时,最后一个块使用初始IV 而不是前一个密文块加密,这应该是 CBC 模式的情况。

您可以通过以下两种方式之一解决此问题:

将您的结构复制到大小为 的整数倍的缓冲区AES_BLOCK_SIZE,或分两部分加密 - 完整块,然后是单个部分块。后者的优点是可以避免额外的内存使用,可以按如下方式完成:

size_t fullBlocks = inputslength - (inputslength % AES_BLOCK_SIZE);
size_t remainingBlock = inputslength - fullBlocks;

AES_cbc_encrypt((unsigned char *)&ticket, enc_out, fullBlocks, &enc_key, iv_enc, AES_ENCRYPT);
AES_cbc_encrypt((unsigned char *)&ticket + fullBlocks, enc_out + fullBlocks, remainingBlock, &enc_key, iv_enc, AES_ENCRYPT);

然后,您应该能够像目前一样解密,没有问题。但是值得注意的是,您应该声明dec_out为与 相同的大小enc_out,因为您当前dec_out在解密时超出了缓冲区。

编辑:

我将此作为 OpenSSL 中的一个错误提出:https ://rt.openssl.org/Ticket/Display.html?id=3182&user=guest&pass= guest 虽然对于这实际上是一个错误还是只是一个错误存在一些争论(未记录) 未定义的行为,普遍的共识是EVP应该使用例程而不是这些低级函数。

于 2013-11-10T17:55:02.353 回答
2

问题可能出在您正在使用的结构中,主要是因为结构填充和成员大小。尝试序列化您的输入,它必须工作。以一种简单的方式,尝试分配一个 char 缓冲区并将您的结构内容一一复制到缓冲区并尝试加密该缓冲区,并在解密时也遵循相同的方法。在此发布您之后观察到的内容。我们必须能够对此做出更好的评论。

于 2013-11-10T12:55:13.870 回答
2

The original code has done the padding for you. The problem is that you passed the wrong plaintext length to AES function. You should pass encslength(padded length) to AES_cbc_encrypt. Just change this line

AES_cbc_encrypt((unsigned char *)&ticket, enc_out, inputslength, &enc_key, iv_enc, AES_ENCRYPT);

to

AES_cbc_encrypt((unsigned char *)&ticket, enc_out, encslength, &enc_key, iv_enc, AES_ENCRYPT);

This should solve your problem.

于 2013-11-11T02:02:54.737 回答
0

至少我也认为在这里使用structand不是一个好习惯sizeof(a_struct_type)

的实际二进制序列struct USR_TICKET和结果 sizeof将根据不同的填充和字节对齐实现而有所不同。

这是测试结果。

1)首先,我下载最新的openssl1.0.2c并构建它,并在OS X 10.10.3上用这个库测试代码,代码工作正常。

2)我尝试运行测试 5 次。每次,即使是original纯文本也会由于填充而改变struct(在我的操作系统上,每次都会改变最后 4 个字节)。

3)所以,同样的输入struct产生不同plain text的,最终产生不同的密文。当用户尝试raving, 1, 2015-6-25使用相同的密钥和 iv 加密相同的输入信息(此处)时,他们可能会对不同的密文输出感到困惑。

4)此外,只需更改struct内部定义,这将产生与描述(3)相同的关注点。

typedef struct ticket { /* test field */
int ticketId;
char username[19]; // here try to change from 20 to 19
    char date[20]; // here try to change from 20 to other size
} USR_TICKET;

PS。一些输出来自上述描述(2),

输出1:

Give a key length [only 128 or 192 or 256!]:
128
Username - ravinda
Ticket Id - 1
Date - 2015-06-25
original:   01 00 00 00 72 61 76 69 6E 64 61 00 00 00 00 00 00 00 00 00 00 00 00 00 32 30 31 35 2D 30 36 2D 32 35 00 00 00 00 00 00 58 BB 3A 50 
encrypt:    BA 32 86 CC 71 55 2F 73 ED A1 C9 DE 00 32 1A 20 D9 A5 16 52 8A CD F0 F7 38 04 76 38 5A 47 35 3B A3 07 97 41 C4 C2 05 53 74 93 91 26 7E DE 40 47 
decrypt:    01 00 00 00 72 61 76 69 6E 64 61 00 00 00 00 00 00 00 00 00 00 00 00 00 32 30 31 35 2D 30 36 2D 32 35 00 00 00 00 00 00 58 BB 3A 50 
Username - ravinda
Ticket Id - 1
Date - 2015-06-25

输出2:

Give a key length [only 128 or 192 or 256!]:
128
Username - ravinda
Ticket Id - 1
Date - 2015-06-25
original:   01 00 00 00 72 61 76 69 6E 64 61 00 00 00 00 00 00 00 00 00 00 00 00 00 32 30 31 35 2D 30 36 2D 32 35 00 00 00 00 00 00 58 0B 10 5A 
encrypt:    BE 60 0F FC 17 A3 42 4A 95 7C 39 DB BF 2C BA 59 42 DC 0C AD B2 20 76 6A 04 E3 DE 11 3E D0 AF 88 A5 B9 D2 25 D4 AE F0 B7 82 9F 13 39 80 39 61 9D 
decrypt:    01 00 00 00 72 61 76 69 6E 64 61 00 00 00 00 00 00 00 00 00 00 00 00 00 32 30 31 35 2D 30 36 2D 32 35 00 00 00 00 00 00 58 0B 10 5A 
Username - ravinda
Ticket Id - 1
Date - 2015-06-25
于 2015-06-25T10:58:30.553 回答