以下是使用openssl EVP进行加密和解密的示例代码 . 当我执行加密和解密时,它似乎工作正常 . 当我在文件中写入加密的字符串并从文件中编写脚本时,我收到错误
encrypt.c
#include <openssl/conf.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/bio.h>
#include <string.h>
#include <iostream>
#include <fstream>
#include <stdint.h>
#include <assert.h>
void handleErrors(void)
{
ERR_print_errors_fp(stderr);
abort();
}
int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key,
unsigned char *iv, unsigned char *ciphertext)
{
EVP_CIPHER_CTX *ctx;
int len;
int ciphertext_len;
/* Create and initialise the context */
if(!(ctx = EVP_CIPHER_CTX_new())) handleErrors();
if(1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_ecb(), NULL, key, iv))
handleErrors();
if(1 != EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len))
handleErrors();
ciphertext_len = len;
if(1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) handleErrors();
ciphertext_len += len;
/* Clean up */
EVP_CIPHER_CTX_free(ctx);
return ciphertext_len;
}
int main (int argc, char *argv[])
{
if ( argc != 2 )
{
printf("Usage: <process> <file>\n");
exit(0);
}
/* A 256 bit key */
unsigned char *key = (unsigned char *) "key";
/* A 128 bit IV Should be hardcoded in both encrypt and decrypt. */
unsigned char *iv = (unsigned char *)"iv";
/* Message to be encrypted */
unsigned char *plaintext =
(unsigned char *)"Password";
unsigned char ciphertext[128],base64[128];
/* Buffer for the decrypted text */
unsigned char decryptedtext[128];
int decryptedtext_len, ciphertext_len;
/* Initialise the library */
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
OPENSSL_config(NULL);
/* Encrypt the plaintext */
ciphertext_len = encrypt (plaintext, strlen ((char *)plaintext), key, iv,
ciphertext);
/* Do something useful with the ciphertext here */
printf("Ciphertext is:\n");
BIO_dump_fp (stdout, (const char *)ciphertext, ciphertext_len);
printf("%d %s\n", ciphertext_len, ciphertext);
int encode_str_size = EVP_EncodeBlock(base64, ciphertext, ciphertext_len);
printf("%d %s\n", encode_str_size, base64);
std::ofstream outFile (argv[1]);
outFile << base64;
outFile.close();
/* Clean up */
EVP_cleanup();
ERR_free_strings();
return 0;
}
decrypt.c
#include <openssl/conf.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <string.h>
#include <iostream>
#include <fstream>
using namespace std;
void handleErrors(void)
{
ERR_print_errors_fp(stderr);
abort();
}
int decrypt(unsigned char *ciphertext, int ciphertext_len, unsigned char *key,
unsigned char *iv, unsigned char *plaintext)
{
EVP_CIPHER_CTX *ctx;
int len;
int plaintext_len;
/* Create and initialise the context */
if(!(ctx = EVP_CIPHER_CTX_new())) handleErrors();
if(1 != EVP_DecryptInit_ex(ctx, EVP_aes_256_ecb(), NULL, key, iv))
handleErrors();
if(1 != EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len))
handleErrors();
plaintext_len = len;
if(1 != EVP_DecryptFinal_ex(ctx, plaintext + len, &len)) handleErrors();
plaintext_len += len;
/* Clean up */
EVP_CIPHER_CTX_free(ctx);
return plaintext_len;
}
int main (int argc, char *argv[])
{
if ( argc != 2 )
{
printf("Usage: <process> <file>\n");
exit(0);
}
/* A 256 bit key */
unsigned char *key = (unsigned char *)"key";
/* A 128 bit IV */
unsigned char *iv = (unsigned char *)"iv";
unsigned char ciphertext[128] = "", base64_in[128] = "", base64_out[128] = "";
/* Buffer for the decrypted text */
unsigned char decryptedtext[128]="";
int decryptedtext_len, ciphertext_len;
/* Initialise the library */
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
OPENSSL_config(NULL);
/* Encrypt the plaintext */
char fileBuffer[128] = "";
ifstream infile (argv[1], ios::binary);
infile.getline(fileBuffer, sizeof(fileBuffer));
infile.close();
strcpy((char *)base64_in, fileBuffer);
ciphertext_len = (strlen(reinterpret_cast<const char *>(base64_in)));
printf("%d %s\n",ciphertext_len, base64_in);
int length = EVP_DecodeBlock(base64_out, base64_in, ciphertext_len);
while(base64_in[--ciphertext_len] == '=') length--;
printf("%d %s\n", length,base64_out);
BIO_dump_fp (stdout, (const char *)base64_out, length);
decryptedtext_len = decrypt(base64_out, length, key, iv,
decryptedtext);
/* Add a NULL terminator. We are expecting printable text */
decryptedtext[decryptedtext_len] = '\0';
/* Show the decrypted text */
printf("Decrypted text is:\n");
printf("%d %s\n", decryptedtext_len ,decryptedtext);
/* Clean up */
EVP_cleanup();
ERR_free_strings();
return 0;
}
产量
./encrypt file
Ciphertext is:
0000 - 52 6f a3 c6 6b ea 4a aa-a5 e8 9d 26 47 dc e9 b7 Ro..k.J....&G...
16 Ro��k�J����&G�鷈H�t�
24 Um+jxmvqSqql6J0mR9zptw==
./decrypt file
24 Um+jxmvqSqql6J0mR9zptw==
16 Ro��k�J����&G���
0000 - 52 6f a3 c6 6b ea 4a aa-a5 e8 9d 26 47 dc e9 b7 Ro..k.J....&G...
140405999580856:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:529:
Aborted (core dumped)
核心
Core was generated by `./decrypt file'.
Program terminated with signal SIGABRT, Aborted.
#0 0x00007efe46356428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
54 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 0x00007efe46356428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#1 0x00007efe4635802a in __GI_abort () at abort.c:89
#2 0x000000000040110e in handleErrors() ()
#3 0x00000000004011eb in decrypt(unsigned char*, int, unsigned char*, unsigned char*, unsigned char*) ()
#4 0x0000000000401485 in main ()
当我写入文件并从文件中读取内容时,我无法解密 .
2 回答
传递给
EVP_EncryptInit_ex和EVP_DecryptInit_ex的键和IV不是字符串,而是具有固定大小的字符数组,具体取决于密码 .在AES 256的情况下,密钥长度为32字节(256位)和IV 16字节(128位) . 传入的字符串常量不足以满足这些约束 . 结果,上面的函数读取超过这些字符串的结尾,调用undefined behavior .
至于最有可能发生的事情,当你在同一个程序中进行加密和解密时它起作用的原因是因为你可能将包含密钥和IV的相同缓冲区传递给两个函数,所以两者都读取同一组每个字符串结束后的未知字节 . 当您在两个不同的程序中执行相同操作时,此未知数据会有所不同,因此您实际上有两组不同的键和IV .
将您的密钥和IV声明为固定大小并初始化两者 . 未明确初始化的任何字节都将设置为0,因此您将拥有已知数量 .
dbush在关键和IV问题上做得对,但是他继续让它运行而不是正确运行 .
如果要使用密码,则应使用PBKDF:基于密码的密钥派生功能 . 如果要使用密钥,则应使用16,24或32字节的密钥 - 具体取决于所需的密钥大小128,192或256位 .
OpenSSL提供了一种名为
EVP_BytesToKey的自己的算法和PBKDF2 . Here is an example(我不喜欢)如何使用后者,更现代的算法 .最后,AES密钥应包含128,192或256位,对攻击者而言似乎是随机的 . 如果您没有为AES提供这样的密钥,那么库应该返回错误而不是继续 . 故意喂它太少或太多字节是一种灾难 . 填充零字节不是扩展密钥的方法 .