0

我使用密码学生成了一个加密文本是 Python

from cryptography.fernet import Fernet
message = "my deep dark secret".encode()

f = Fernet(key)
encrypted = f.encrypt(message)
# decrypting
from cryptography.fernet import Fernet
encrypted = b"...encrypted bytes..."

f = Fernet(key)
decrypted = f.decrypt(encrypted)

加密信息:

KEY: b'3b-Nqg6ry-jrAuDyVjSwEe8wrdyEPQfPuOQNH1q5olE='
ENC_MESSAGE: b'gAAAAABhBRBGKSwa7AluNJYhwWaHrQGwAA8UpMH8Wtw3tEoTD2E_-nbeoAvxbtBpFiC0ZjbVne_ZetFinKSyMjxwWaPRnXVSVqz5QqpUXp6h-34_TL7BaDs='

现在我正在尝试在 Swift 中解密它,但没有运气。到目前为止,我已经尝试了以下 CryptoSwift:

func testdec(){
        let str = "3b-Nqg6ry-jrAuDyVjSwEe8wrdyEPQfPuOQNH1q5olE="
        let ba = "gAAAAABhBRBGKSwa7AluNJYhwWaHrQGwAA8UpMH8Wtw3tEoTD2E_-nbeoAvxbtBpFiC0ZjbVne_ZetFinKSyMjxwWaPRnXVSVqz5QqpUXp6h-34_TL7BaDs="
        let encodedString = Base64FS.decodeString(str: String(str.utf8))
        print(encodedString.count)
        
        let first4 = String(ba.prefix(25))
        let start = first4.index(first4.startIndex, offsetBy: 9)
        let end = first4.index(first4.endIndex, offsetBy: 0)
        let iv = String(first4[start..<end])

        let starta = ba.index(ba.startIndex, offsetBy: 25)
        let enda = ba.index(ba.endIndex, offsetBy: -32)
        let cipher_text = String(ba[starta..<enda])
        let cipher_text_bt: [UInt8] = [UInt8](base64: cipher_text)
        print(cipher_text)
        
        print(iv)
        let cipher_text_bta: [UInt8] = [UInt8](base64: ba)
//        print(encodedString.bytes.count)
//        let key_bta: [UInt8] = [UInt8](base64: "RgSADaf8w4v9vokuncyzWRbP5hkdhXSETdxIHLDHtKg=")
//        let iv_bt: [UInt8] = [UInt8](base64: "7KUDrsPmb28KQqOWv00KXw==")
//        let cipher_text_bt: [UInt8] = [UInt8](base64: "gAAAAABhBQ837KUDrsPmb28KQqOWv00KX2KjsP2ar6lHLqIPUKSvF1WHiruquG-tiAEkrCZZbm-lFR9ZwxsqVcXovmQ3Hv6pWw==")
        
        do{
            print("A")
            let aes = try AES(key: encodedString, blockMode: CBC(iv: iv.bytes), padding: .pkcs7)
            print("B")
            let cipherTexta = try aes.decrypt(cipher_text_bt)
            print(cipherTexta)
        }catch{
            print(error)
        }
    }

输出:

16
WaHrQGwAA8UpMH8Wtw3tEoTD2E_-nbeoAvxbtBpFiC0ZjbVne_ZetFinKSyMjxw
RBGKSwa7AluNJYhw
A
B
invalidData

任何帮助,将不胜感激

4

1 回答 1

1

我已经设法仅使用 Apple 提供的资源来解密您的密文。如果您支持 iOS 13 及更高版本,我建议您使用CryptoKit验证 HMAC,但目前,我采用了完整的CommonCrypto解决方案。

Data首先是从 base64 URL 字符串创建的小扩展。

import Foundation
import CommonCrypto

extension Data {
    init?(base64URL base64: String) {
        var base64 = base64
            .replacingOccurrences(of: "-", with: "+")
            .replacingOccurrences(of: "_", with: "/")
        if base64.count % 4 != 0 {
            base64.append(String(repeating: "=", count: 4 - base64.count % 4))
        }
        self.init(base64Encoded: base64)
    }
}

解密函数有点晦涩,但它支持非常古老的CommonCrypto语法。withUnsafeBytes语法会更干净,但这是一个快速的解决方法。

func decrypt(ciphertext: Data, key: Data, iv: Data) -> Data {
    var decryptor: CCCryptorRef?
    
    defer {
        CCCryptorRelease(decryptor)
    }
    
    var key = Array(key)
    var iv = Array(iv)
    var ciphertext = Array(ciphertext)
    
    CCCryptorCreate(CCOperation(kCCDecrypt), CCAlgorithm(kCCAlgorithmAES), CCOptions(kCCOptionPKCS7Padding), &key, key.count, &iv, &decryptor)
    
    var outputBytes = [UInt8](repeating: 0, count: CCCryptorGetOutputLength(decryptor, ciphertext.count, false))
    CCCryptorUpdate(decryptor, &ciphertext, ciphertext.count, &outputBytes, outputBytes.count, nil)
    
    var movedBytes = 0
    var finalBytes = [UInt8](repeating: 0, count: CCCryptorGetOutputLength(decryptor, 0, true))
    CCCryptorFinal(decryptor, &finalBytes, finalBytes.count, &movedBytes)
    
    return Data(outputBytes + finalBytes[0 ..< movedBytes])
}

然后是 HMAC。CryptoKit如果可以的话,我建议你使用。这个功能当然是固定的,可能有办法让它动态化。然而,对于 Fernet,仅支持 SHA256。

func verifyHMAC(_ mac: Data, authenticating data: Data, using key: Data) -> Bool {
    var data = Array(data)
    var key = Array(key)
    var macOut = [UInt8](repeating: 0, count: Int(CC_SHA256_DIGEST_LENGTH))
    CCHmac(CCHmacAlgorithm(kCCHmacAlgSHA256), &key, key.count, &data, data.count, &macOut)
    return Array(mac) == macOut
}

所有这些都归结为以下代码。请注意,我不检查版本和/或时间戳,这应该根据规范来完成。

let fernetKey   = Data(base64URL: "3b-Nqg6ry-jrAuDyVjSwEe8wrdyEPQfPuOQNH1q5olE=")!
let signingKey  = fernetKey[0 ..< 16]
let cryptoKey   = fernetKey[16 ..< fernetKey.count]

let fernetToken = Data(base64URL: "gAAAAABhBRBGKSwa7AluNJYhwWaHrQGwAA8UpMH8Wtw3tEoTD2E_-nbeoAvxbtBpFiC0ZjbVne_ZetFinKSyMjxwWaPRnXVSVqz5QqpUXp6h-34_TL7BaDs=")!
let version     = Data([fernetToken[0]])
let timestamp   = fernetToken[1 ..< 9]
let iv          = fernetToken[9 ..< 25]
let ciphertext  = fernetToken[25 ..< fernetToken.count - 32]
let hmac        = fernetToken[fernetToken.count - 32 ..< fernetToken.count]

let plainText = decrypt(ciphertext: ciphertext, key: cryptoKey, iv: iv)
print(plainText, String(data: plainText, encoding: .utf8) ?? "Non utf8")
print(verifyHMAC(hmac, authenticating: version + timestamp + iv + ciphertext, using: signingKey))
于 2021-08-01T21:44:48.927 回答