所以我试图在一个 Objective-C 项目中使用 Crypto++ 的加密。问题在于如何处理 IV?我尝试将其预先附加到密文中。但是后来我在恢复它以进行解密时遇到了问题。
这是代码:
- (NSString *)encryptUsingSerpentWithPlaintext:(NSString *)plaintext andKey:(NSData *)keyData
{
std::string ptext = [plaintext UTF8String];
std::string ciphertext;
byte key[ CryptoPP::Serpent::MAX_KEYLENGTH ], iv[ CryptoPP::Serpent::BLOCKSIZE ];
CryptoPP::AutoSeededX917RNG<CryptoPP::Serpent> rng;
rng.GenerateBlock(iv, CryptoPP::Serpent::BLOCKSIZE);
std::string ivs(reinterpret_cast<char const *>(iv));
lcl_log(lcl_cCrypto, lcl_vDebug, @"Random IV:%s",ivs.c_str());
::memcpy(key, keyData.bytes, keyData.length);
CryptoPP::Serpent::Encryption serpentEncryptor (key, CryptoPP::Serpent::MAX_KEYLENGTH);
CryptoPP::CBC_Mode_ExternalCipher::Encryption cbcSerpentEncryptor (serpentEncryptor, iv);
CryptoPP::StreamTransformationFilter stfSerpentEncryptor(cbcSerpentEncryptor, new CryptoPP::StringSink (ciphertext));
stfSerpentEncryptor.Put( reinterpret_cast<const unsigned char*>( ptext.c_str() ), ptext.length() + 1);
stfSerpentEncryptor.MessageEnd();
lcl_log(lcl_cCrypto, lcl_vDebug, @"Non-Encoded ciphertext [size:%lu]:%s",sizeof(ciphertext),ciphertext.c_str());
std::string finalCT;
ciphertext = ivs + ciphertext; // add the IV before the ciphertext
lcl_log(lcl_cCrypto, lcl_vDebug, @"Non-Encoded iv+ciphertext [size:%lu]:%s",sizeof(ciphertext),ciphertext.c_str());
CryptoPP::StringSource base64Encoder (ciphertext, true, new CryptoPP::Base64Encoder(new CryptoPP::StringSink(finalCT)));
// apply HMAC
// TO DO
NSString *cryptogram = [NSString stringWithUTF8String:finalCT.c_str()];
return cryptogram;
}
- (NSString *)decryptUsingSerpentWithCiphertext:(NSString *)ciphertext andKey:(NSData *)keyData
{
std::string ctext;
std::string plaintext;
byte key[ CryptoPP::Serpent::MAX_KEYLENGTH ], iv[ CryptoPP::Serpent::BLOCKSIZE ];
::memcpy(key, keyData.bytes, keyData.length);
// decode from base64
std::string encoded = [ciphertext UTF8String];
CryptoPP::StringSource base64Decoder (encoded, true, new CryptoPP::Base64Decoder(new CryptoPP::StringSink(ctext)));
lcl_log(lcl_cCrypto, lcl_vDebug, @"Non-Encoded iv+ciphertext [size:%lu]:%s",sizeof(ctext),ctext.c_str());
// get the IV from the beggining of the cryptogram
std::string ivs = ctext.substr(0,CryptoPP::Serpent::BLOCKSIZE+5);
lcl_log(lcl_cCrypto, lcl_vDebug, @"Recovered IV:%s",ivs.c_str());
::memcpy(iv, &ivs, ivs.size());
// remove the IV from the cryptogram
ctext.erase(0,CryptoPP::Serpent::BLOCKSIZE+5);
lcl_log(lcl_cCrypto, lcl_vDebug, @"Non-Encoded ciphertext [size:%lu]:%s",sizeof(ctext),ctext.c_str());
CryptoPP::Serpent::Decryption serpentDecryptor (key, CryptoPP::Serpent::MAX_KEYLENGTH);
CryptoPP::CBC_Mode_ExternalCipher::Decryption cbcSerpentDecryptor (serpentDecryptor, iv);
CryptoPP::StreamTransformationFilter stfSerpentDecryptor(cbcSerpentDecryptor, new CryptoPP::StringSink (plaintext));
stfSerpentDecryptor.Put( reinterpret_cast<const unsigned char*>( ctext.c_str() ), ctext.length());
stfSerpentDecryptor.MessageEnd();
NSString *plainText = [NSString stringWithUTF8String:plaintext.c_str()];
return plainText;
}
请注意,我需要将 5 添加到预期的 iv 大小才能获得完整的 IV。然后我收到一个关于“发现无效的 PCKS#7 填充。无效的密文”的错误
如何最好地管理静脉输液?(我还想在 iv+ciphertext 中添加一个 HMAC(Encrypt-then-MAC)...
如果我这样做:
// get the IV from the beggining of the cryptogram
std::string ivs = ctext.substr(0,CryptoPP::Serpent::BLOCKSIZE);
lcl_log(lcl_cCrypto, lcl_vDebug, @"Recovered IV:%s",ivs.c_str());
::memcpy(iv, &ivs, ivs.size());
// remove the IV from the cryptogram
ctext.erase(0,CryptoPP::Serpent::BLOCKSIZE);
日志将显示仍然在密文中的一些 IV 字节,并生成“无效密文,大小不是块大小的倍数”异常。
日志:
2013-12-01 17:59:37.747 App[413:70b] D Crypto:PSCryptoCore.mm:51:-[PSCryptoCore testSerpentEncryptonMechanism] Initial plaintext:Serpentine and black...
2013-12-01 17:59:37.748 App[413:70b] D Crypto:PSCryptoCore.mm:74:-[PSCryptoCore encryptUsingSerpentWithPlaintext:andKey:] Random IV:ç©ìùËß,¬<ÎΩ9ZÑ0 Û
2013-12-01 17:59:37.749 App[413:70b] D Crypto:PSCryptoCore.mm:87:-[PSCryptoCore encryptUsingSerpentWithPlaintext:andKey:] Non-Encoded ciphertext [size:4]:PÉò»ÓÔҥ 1æIõ¶”Áˆ™8äºBmº†c
õ
2013-12-01 17:59:37.749 App[413:70b] D Crypto:PSCryptoCore.mm:93:-[PSCryptoCore encryptUsingSerpentWithPlaintext:andKey:] Non-Encoded iv+ciphertext [size:4]:ç©ìùËß,¬<ÎΩ9ZÑ0 ÛPÉò»ÓÔҥ 1æIõ¶”Áˆ™8äºBmº†c
õ
2013-12-01 17:59:37.750 App[413:70b] D Crypto:PSCryptoCore.mm:54:-[PSCryptoCore testSerpentEncryptonMechanism] ciphertext:C42pk53opyzCPOu9FDlahDAg8wgBUIOYyO7M0/G0IDG+SZum0+f2qjiKvA4RQm28HaBjCps=
2013-12-01 17:59:37.750 App[413:70b] D Crypto:PSCryptoCore.mm:118:-[PSCryptoCore decryptUsingSerpentWithCiphertext:andKey:] Non-Encoded iv+ciphertext [size:4]:ç©ìùËß,¬<ÎΩ9ZÑ0 ÛPÉò»ÓÔҥ 1æIõ¶”Áˆ™8äºBmº†c
õ
2013-12-01 17:59:37.752 App[413:70b] D Crypto:PSCryptoCore.mm:123:-[PSCryptoCore decryptUsingSerpentWithCiphertext:andKey:] Recovered IV:ç©ìùËß,¬<ÎΩ9ZÑ
2013-12-01 17:59:37.753 App[413:70b] D Crypto:PSCryptoCore.mm:131:-[PSCryptoCore decryptUsingSerpentWithCiphertext:andKey:] Non-Encoded ciphertext [size:4]:0 ÛPÉò»ÓÔҥ 1æIõ¶”Áˆ™8äºBmº†c
õ
libc++abi.dylib: terminating with uncaught exception of type CryptoPP::InvalidCiphertext: StreamTransformationFilter: ciphertext length is not a multiple of block size
请注意,在我尝试撤销它之后,IV 的一部分仍然在密文前面。这是为什么呢?