1

我正在尝试使用您的库实现 SSH 协议。我尝试在 cbc 模式下使用 3des 算法。

我创建加密如下:

_encrypt.reset(new Pipe(encryptFilter = new CBC_Encryption(cipher->clone(), new Null_Padding, c2s_key, c2s_iv)));`

我创建解密如下:

_decrypt.reset(new Pipe(decryptFilter = new CBC_Decryption(cipher->clone(), new Null_Padding, s2c_key, s2c_iv))); 

我尝试解密如下:

bool crypto::decryptPacket(Botan::SecureVector<Botan::byte> &decrypted, Botan::SecureVector<Botan::byte> &packet, uint32_t len)
{
    uint32_t pLen = packet.size();

    if (pLen % _decryptBlock != 0)
    {
        len = pLen + (pLen % _decryptBlock);
    }

    for (uint32_t pktIndex = 0; pktIndex < len; pktIndex += _decryptBlock)
    {
            Botan::SecureVector<Botan::byte> e(packet.begin() + pktIndex, packet.size() + pktIndex + _decryptBlock);
            _decrypt->process_msg(e, _decryptBlock);

            decrypted += _decrypt->read_all(_decrypt->message_count() - 1);
    }

    return true;
}

我尝试加密如下:

bool crypto::encryptPacket(Botan::SecureVector<Botan::byte> &crypted, Botan::SecureVector<Botan::byte> &hmac, Botan::SecureVector<Botan::byte> &packet, uint32_t seq)
{
    SecureVector<Botan::byte> macStr;
    uint32_t nSeq = (uint32_t)htonl(seq);

    _encrypt->start_msg();
    _encrypt->write(packet.begin(), packet.size());
    _encrypt->end_msg();

    crypted = _encrypt->read_all(_encrypt->message_count() - 1);

    if (_hmacOut)
    {
        macStr = SecureVector<Botan::byte>((Botan::byte*)&nSeq, 4);
        macStr += packet;
        hmac = _hmacOut->process(macStr);
    }

    return true;
}

我尝试加密如下:

bool crypto::encryptPacket(Botan::SecureVector<Botan::byte> &crypted, Botan::SecureVector<Botan::byte> &hmac, Botan::SecureVector<Botan::byte> &packet, uint32_t seq)
{
    SecureVector<Botan::byte> macStr;
    uint32_t nSeq = (uint32_t)htonl(seq);

    _encrypt->start_msg();
    _encrypt->write(packet.begin(), packet.size());
    _encrypt->end_msg();

    crypted = _encrypt->read_all(_encrypt->message_count() - 1);

    if (_hmacOut)
    {
        macStr = SecureVector<Botan::byte>((Botan::byte*)&nSeq, 4);
        macStr += packet;
        hmac = _hmacOut->process(macStr);
    }

    return true;
}

结果,加密的数据包正常,但是当我尝试解密第二个数据包和下一个数据包时,第一个数据块解密不正确。问题是什么?

4

0 回答 0