简单的AES加密解密在C OpenSSL库 [英] Simple AES encryption decryption with openssl library in C

问题描述

我要加密包含几个字符串的结构体，然后进行解密。我尝试以下code。原来的code为从网络中发现，它是完美的工作。我改变它输入到一个结构。以下是code。

I want to encrypt a struct containing few String and then decrypt it. I tried following code. The original code is found from the web and it was working perfectly. I change the input of it to a struct. following is the code.

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <openssl/aes.h>
#include <openssl/rand.h>

typedef struct ticket { /* test field */
int ticketId;
char username[20];
    char date[20];
} USR_TICKET;

// a simple hex-print routine. could be modified to print 16 bytes-per-line
static void hex_print(const void* pv, size_t len)
{
const unsigned char * p = (const unsigned char*)pv;
if (NULL == pv)
    printf("NULL");
else
{
    size_t i = 0;
    for (; i<len;++i)
        printf("%02X ", *p++);
}
printf("\n");
}

// main entrypoint
int main(int argc, char **argv)
{
    int keylength;
    printf("Give a key length [only 128 or 192 or 256!]:\n");
    scanf("%d", &keylength);

    /* generate a key with a given length */
    unsigned char aes_key[keylength/8];
    memset(aes_key, 0, keylength/8);
    if (!RAND_bytes(aes_key, keylength/8))
        exit(-1);

    /* input struct creation */
    size_t inputslength = sizeof(USR_TICKET);
    USR_TICKET ticket;
    ticket.ticketId = 1;
    time_t now = time(NULL);
    strftime(ticket.date, 20, "%Y-%m-%d", localtime(&now));
    strcpy(ticket.username, "ravinda");

    printf("Username - %s\n", ticket.username);
    printf("Ticket Id - %d\n", ticket.ticketId);
    printf("Date - %s\n", ticket.date);

    /* init vector */
    unsigned char iv_enc[AES_BLOCK_SIZE], iv_dec[AES_BLOCK_SIZE];
    RAND_bytes(iv_enc, AES_BLOCK_SIZE);
    memcpy(iv_dec, iv_enc, AES_BLOCK_SIZE);

    // buffers for encryption and decryption
    const size_t encslength = ((inputslength + AES_BLOCK_SIZE) / AES_BLOCK_SIZE) * AES_BLOCK_SIZE;
    unsigned char enc_out[encslength];
    unsigned char dec_out[inputslength];
    memset(enc_out, 0, sizeof(enc_out));
    memset(dec_out, 0, sizeof(dec_out));

    // so i can do with this aes-cbc-128 aes-cbc-192 aes-cbc-256
    AES_KEY enc_key, dec_key;
    AES_set_encrypt_key(aes_key, keylength, &enc_key);
    AES_cbc_encrypt((unsigned char *)&ticket, enc_out, inputslength, &enc_key, iv_enc, AES_ENCRYPT);

    AES_set_decrypt_key(aes_key, keylength, &dec_key);
    AES_cbc_encrypt(enc_out, dec_out, encslength, &dec_key, iv_dec, AES_DECRYPT);

    printf("original:\t");
    hex_print((unsigned char *)&ticket, inputslength);

    printf("encrypt:\t");
    hex_print(enc_out, sizeof(enc_out));

    printf("decrypt:\t");
    hex_print(dec_out, sizeof(dec_out));

    USR_TICKET * dyc = (USR_TICKET *)dec_out;
    printf("Username - %s\n", dyc->username);
    printf("Ticket Id - %d\n", dyc->ticketId);
    printf("Date - %s\n", dyc->date);
    return 0;
}

问题是结构的唯一首两个成员被正确解密。该数据后得到currupted。我在做什么错在这里？

The problem is only first two members of the struct is decrypting correctly. After that data get currupted. What am I doing wrong here?

推荐答案

我会的几乎的走这么远，说这是与OpenSSL的一个问题。看来，当长度参数传递给 AES_cbc_encrypt 是> AES_BLOCK_SIZE 而不是其整数倍（即长度modAES_BLOCK_SIZE！= 0 ），那么最后一个块使用的初始的IV加密，而不是密文作为previous块应该是CBC模式的情况

I would almost go so far as to say this is a problem with OpenSSL. It seems that when the length parameter passed to AES_cbc_encrypt is > AES_BLOCK_SIZE but not an integral multiple thereof (i.e. length mod AES_BLOCK_SIZE != 0), then the last block is encrypted using the initial IV and not the previous block of ciphertext as should be the case for CBC mode.

您可以通过以下两种方式之一解决这个问题：

You can fix this in one of two ways:

你的结构复制到大小为 AES_BLOCK_SIZE 的整数倍的缓冲，或在两个部分加密 - 全块，随后是单个部分块。后者有更多的避免内存使用情况的优势，可以做如下：

Copy your struct to a buffer whose size is an integral multiple of AES_BLOCK_SIZE, or encrypt in two parts - the full blocks, followed by a single partial block. The latter has the advantage of avoiding additional memory usage and can be done as follows:

size_t fullBlocks = inputslength - (inputslength % AES_BLOCK_SIZE);
size_t remainingBlock = inputslength - fullBlocks;

AES_cbc_encrypt((unsigned char *)&ticket, enc_out, fullBlocks, &enc_key, iv_enc, AES_ENCRYPT);
AES_cbc_encrypt((unsigned char *)&ticket + fullBlocks, enc_out + fullBlocks, remainingBlock, &enc_key, iv_enc, AES_ENCRYPT);

您应该然后能够解密，你目前是没有问题的。值得注意但是，你应该申报 dec_out 作为大小相同 enc_out ，因为你现在超越了 dec_out 缓冲解密时。

You should then be able to decrypt as you currently are without issue. It's worth noting however that you should declare dec_out as the same size as enc_out, because you're currently overrunning the dec_out buffer when decrypting.

编辑：

我提出这是在OpenSSL的错误：<一href=\"https://rt.openssl.org/Ticket/Display.html?id=3182&user=guest&pass=guest\">https://rt.openssl.org/Ticket/Display.html?id=3182&user=guest&pass=guest而同时有一些争执，这是否实际上是一个错误，或者只是（无证）未定义的行为，普遍的共识是， EVP 程序应该使用，而不是这些低级别的功能。

I raised this as a bug in OpenSSL: https://rt.openssl.org/Ticket/Display.html?id=3182&user=guest&pass=guest and whilst there is some argument over whether this is actually a bug, or just (undocumented) undefined behavior, the general consensus is that the EVP routines should be used instead, rather than these low-level functions.

这篇关于简单的AES加密解密在C OpenSSL库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！