1

我有以下我试图在 C# 中模仿的 PHP 示例。它使用带有 PKCS7 填充的 AES 128 位 ECB 加密:

$trust_jsonString="hello";
echo "input: '" . $trust_jsonString . "'\n";
echo "input (dump): " . var_dump($trust_jsonString) . "\n";

$trust_key = "9840822c-14fc-49ac-9d68-ac532f9f171e";
echo "key: '" . $trust_key . "'\n";

$blockSize=mcrypt_get_block_size(MCRYPT_RIJNDAEL_128,MCRYPT_MODE_ECB);
echo "block size: '" . $blockSize . "'\n";

$padding = $blockSize - (strlen($trust_jsonString) % $blockSize);
echo "padding: '" . $padding . "'\n";

$trust_jsonString .= str_repeat(chr($padding), $padding);

$trust_jsonString = utf8_encode($trust_jsonString);
echo "utf8 json: '" . $trust_jsonString . "'\n";
echo "utf8 json (dump): " . var_dump($trust_jsonString) . "\n";

$trust_key=utf8_encode($trust_key);
echo "encoded key: " . $trust_key . "\n";

$trust_key=(md5($trust_key));
echo "md5 hash of key (raw): " . $trust_key . "\n";

$mcrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $trust_key, $trust_jsonString, MCRYPT_MODE_ECB);
echo "mcrypt (raw): " . var_dump($mcrypt) . "\n";
echo "mcrypt: " . $mcrypt . "\n";

echo "mcrypt (raw): ";
$byte_array = byteStr2byteArray($mcrypt);
for($i=0;$i<count($byte_array);$i++)
{
   printf("%02x", $byte_array[$i]);
}
echo "\n";

$presid = base64_encode($mcrypt);
echo "presid: " . $presid . "\n";

$sid=strtr($presid,'+/', '-_');
echo "sid: " . $sid . "\n";

function byteStr2byteArray($s) {
    return array_slice(unpack("C*", "\0".$s), 1);
}

我目前正在运行以下 C# 代码来尝试模拟结果:

static void Main( string[] args )
{
    string data = "hello";
    Encrypt(data);
}

static void Encrypt( string data )
{
    PaddingMode padding = PaddingMode.PKCS7;
    CipherMode cipherMode = CipherMode.ECB;
    int size = 128;

    Console.WriteLine("input: '" + data + "'");

    string officialKey = "9840822c-14fc-49ac-9d68-ac532f9f171e";
    Console.WriteLine("key: '" + officialKey + "'");

    Console.WriteLine("block size: '16'");
    Console.WriteLine( "padding: '11'" );

    var utf8dataBytes = Encoding.UTF8.GetBytes(data);
    var utf8data = Encoding.UTF8.GetString(utf8dataBytes);
    Console.WriteLine("utf8 json: '" + utf8data + "'");

    Console.WriteLine("encoded key (utf8): " + officialKey);

    var utf8KeyBytes = Encoding.UTF8.GetBytes(officialKey);

    var myMD5 = MD5.Create();
    var md5HashOfKey = myMD5.ComputeHash(utf8KeyBytes);

    Console.WriteLine( "md5 hash of key (raw): " + DumpBinary(md5HashOfKey) );

    byte[] encryptedBlob;

    using ( var aes = new AesManaged() )
    {
        try
        {
            aes.Padding = PaddingMode.PKCS7;
            aes.Mode = CipherMode.ECB;
            aes.KeySize = 128;
            aes.BlockSize = 128;
            aes.Key = md5HashOfKey;
            //aes.IV = new byte[] { 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0 };

            var bytes = utf8dataBytes;
            //var bytes = ForcePaddingManually( utf8dataBytes );

            var cxform = aes.CreateEncryptor();
            encryptedBlob = cxform.TransformFinalBlock( bytes, 0, bytes.Length );
        }
        finally
        {
            aes.Clear();
        }
    }

    //var encryptedBlob = AesAlgo.Encrypt( data, md5HashOfKey, padding, cipherMode, size );
    Console.WriteLine("mcrypt (raw): " + DumpBinary(encryptedBlob));
    Console.WriteLine("mcrypt: " + Encoding.UTF8.GetString(encryptedBlob));

    var encryptedBase64 = Convert.ToBase64String(encryptedBlob);
    Console.WriteLine( "presid: " + encryptedBase64 );

    var encodedEncryptedBlob = encryptedBase64.Replace( "+", "-" ).Replace( "/", "_" );
    Console.WriteLine( "sid: " + encodedEncryptedBlob );
    Console.WriteLine("COMPLETE!");
}

static byte[] ForcePaddingManually( byte[] data )
{
    // force padding manually to test that PKCS7 works like we are expecting
    var pad = ( 16 - data.Length % 16 ) % 16;
    var bytes = new byte[data.Length + pad];
    for ( int i = 0; i < data.Length; ++i )
    {
        bytes[i] = data[i];
    }
    for ( int i = data.Length; i < data.Length + pad; ++i )
    {
        bytes[i] = (byte)pad;
    }

    return bytes;
}

static string DumpBinary( byte[] data )
{
    var sb = new StringBuilder();
    for ( int i = 0; i < data.Length; ++i )
    {
        sb.Append( data[i].ToString( "X2" ) );
    }
    return sb.ToString();
}

当我查看这些结果时,我得到的是:

PHP:

input: 'hello'
string(5) "hello"
input (dump): 
key: '9840822c-14fc-49ac-9d68-ac532f9f171e'
block size: '16'
padding: '11'
utf8 json: 'hello'
string(16) "hello"
utf8 json (dump): 
encoded key: 9840822c-14fc-49ac-9d68-ac532f9f171e
md5 hash of key (raw): 6d334201cb7625323da32e0c31b2b138
string(16) "�Ҙ�= �˹��C���"
mcrypt (raw): 
mcrypt: �Ҙ�= �˹��C���
mcrypt (raw): b0d298c83d20a0cbb9f0ea4305cef2ec
presid: sNKYyD0goMu58OpDBc7y7A==
sid: sNKYyD0goMu58OpDBc7y7A==

C#:

input: 'hello'
key: '9840822c-14fc-49ac-9d68-ac532f9f171e'
block size: '16'
padding: '11'
utf8 json: 'hello'
encoded key (utf8): 9840822c-14fc-49ac-9d68-ac532f9f171e
md5 hash of key (raw): 6D334201CB7625323DA32E0C31B2B138
mcrypt (raw): 4CBAD7678AAB2B054371A1B572161280
mcrypt: L??g??+♣Cq??r▬↕?
presid: TLrXZ4qrKwVDcaG1chYSgA==
sid: TLrXZ4qrKwVDcaG1chYSgA==
COMPLETE!

里面有很多诊断代码和杂项代码,但基本问题是,当传入相同的密钥的 MD5 哈希(二进制文件相同)并且传入相同的输入数据(字节相同,或我可以在输入的 C# 代码中强制填充相同)我得到不同的输出结果。我确信这很简单,但它并没有突然出现在我身上。有没有人可以在这里找出问题?

基本问题是底部显示的 SID(AES 加密结果)不同 - 导致差异的原因是什么?

4

2 回答 2

0

嗯,有助于缩小问题的第一件事是“md5 hash of key (raw):”在两种情况下都是相同的,但是 base64 编码不匹配“md5 hash of key (base64):”,所以那种of 缩小了问题发散到 base64call 代码的步骤。

请注意,您的输入是十六进制字符串,而不是 PHP 中的二进制。

使用专门用于将十六进制字符串转换为 base64 的在线转换器进行测试,我可以验证这bTNCAct2JTI9oy4MMbKxOA==是正确的 base64 编码,其输入0x6d334201cb7625323da32e0c31b2b138与 C# 的输出匹配。

所以这意味着 PHP 的 base64 编码是罪魁祸首。可能有更好的方法来检索二进制密钥,但您需要做的是将十六进制字符串转换为二进制:

<?php
echo base64_encode(pack("H*" , '6d334201cb7625323da32e0c31b2b138')) ;
?>

这产生了预期的输出bTNCAct2JTI9oy4MMbKxOA==

可能还有比这更多的问题,但这解释了输出的差异。

于 2015-10-23T00:13:09.977 回答
0

主要问题是 PHP 代码中的实际键是由md5()没有可选参数来创建的,以获取原始输出。这意味着实际的密钥长度为 32 个字节,因为它是十六进制编码的,并且按原样使用而无需解码。本质上,您在这里处理的是 AES-256。

由于您无法更改 PHP 代码,因此您需要在 C# 中重新创建此故障:

aes.KeySize = 256;
aes.Key = Encoding.ASCII.GetBytes(BitConverter.ToString(md5HashOfKey).Replace("-","").ToLower());

按预期输出:

mcrypt(原始):B0D298C83D20A0CBB9F0EA4305CEF2EC
mcrypt: �Ҙ�= �˹��C���
主席:sNKYyD0goMu58OpDBc7y7A==
sid: sNKYyD0goMu58OpDBc7y7A==

BitConverter.ToString()返回格式为“6D-33-42-01-....”的十六进制字符串,这意味着必须删除破折号并且必须将其转换为小写以创建实际密钥。

演示

于 2015-10-23T00:09:05.797 回答