AES加密，使不同的结果在iOS和Android [英] AES encryption makes different result in iOS and Android

问题描述

尝试使用AES128算法，CBC和PKCS7填充在Android和iOS的样本数据进行加密，但结果是不同的:(

Android的code：

 私有静态最后一个字节[]键= {0×01，0×02，0×03，0×04，0×05，0×06，0×07，0×08，×09，的0x0A，0x0B中，0x0C的，0X0D，为0x0E，为0x0F ，为0x10};

INT srcBuffSiz = 1024;
byte []的srcBuff =新的字节[srcBuffSiz]
Arrays.fill（srcBuff，（字节）0×01）;

SecretKeySpec skeySpec =新SecretKeySpec（KEY，AES）;
密ecipher = Cipher.getInstance（AES / CBC / PKCS7Padding）;
ecipher.init（Cipher.ENCRYPT_MODE，skeySpec）;
byte []的dstBuff = ecipher.doFinal（srcBuff）;
INT bytesEncrypted = dstBuff.length;
 

的iOS code：

  //源缓冲区
    为size_t srcBuffSiz = 1024;
    无符号字符* srcBuff =新的无符号的char [srcBuffSiz]
    memset的（srcBuff，0×01，srcBuffSiz）;

    //目标缓冲区
    为size_t dstBuffSiz = srcBuffSiz + 128;
    无符号字符* dstBuff =新的无符号的char [dstBuffSiz]
    memset的（dstBuff，0×00，dstBuffSiz）;

    unsigned char型keyPtr [kCCKeySizeAES128] = {0×01，0×02，0×03，0×04，0×05，0×06，0×07，0×08，×09，的0x0A，0x0B中，0x0C的，0X0D，为0x0E，为0x0F，为0x10};

    为size_t bytesEncrypted = 0;
    CCCryptorStatus cryptStatus = CCCrypt（kCCEncrypt，kCCAlgorithmAES128，kCCOptionPKCS7Padding，
                                          keyPtr，kCCKeySizeAES128，
                                          NULL / *初始化向量（可选）* /，
                                          srcBuff，srcBuffSiz，/ *输入* /
                                          dstBuff，dstBuffSiz，/ *输出* /
                                          ＆安培; bytesEncrypted）;
 

因此​​，在这两种情况下，我尝试使用predefined样品密钥来加密样本1024个字节的缓冲区（previosly填充为0x01值）。

第一个和最后6个字节加密缓冲区的iOS的：

  ED CC 64 27 A8 99 ... 0C 44 9F EC 34 FC
 

第一个和最后6个字节加密缓冲区的Andr​​oid版本：

  AE 65 A9 F7 7F 0E ... 1F BD AE 8B 85 ED
 

你知道吗？

如果我替换Cipher.getInstance（AES / CBC / PKCS7Padding），以Cipher.getInstance（AES），则第一几个字节加密缓冲区将是相同的，但是从17字节...

iOS的：

  ED CC 64 27 A8 99 DA 83 D5 4A B0 03 0F E7 DD A7 35 F2 50 5C 49 47 CC 3B 2F AB D1 61 05
 

Android的：

  ED CC 64 27 A8 99 DA 83 D5 4A B0 03 0F E7 DD A7 ED CC 64 27 A8 99 DA 83 D5 4A B0 03 0F
 

解决方案

我依稀记得我有同步Android和iPhone，以及解决方案之间的加密是合适的IV（初始化向量）使用情况的一次类似的问题。所以大概开关在Android中明确IV的使用可以帮助：

 最后一个字节[] IV =新的字节[16];
Arrays.fill（四，（字节）为0x00）;
IvParameterSpec ivParameterSpec =新IvParameterSpec（ⅳ）;
.. //将preparations休息
ecipher.init（Cipher.ENCRYPT_MODE，skeySpec，ivParameterSpec）;
 

由于在iPhone上，当你传递NULL作为IV，它可能会在内部使用一个默认的对应于刚刚如上所述。

但在生产环境中，你应该使用（加密安全伪）随机初始化向量，与数据一起存储。然后，它是安全的操作的所有模式。 [1]

Trying to encrypt sample data using AES128 algorithm with CBC and PKCS7 padding in Android and iOS, but results are different :(

Android code:

private static final byte[] KEY = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10};

int srcBuffSiz = 1024;
byte[] srcBuff = new byte[srcBuffSiz];
Arrays.fill(srcBuff, (byte)0x01);

SecretKeySpec skeySpec = new SecretKeySpec(KEY, "AES");
Cipher ecipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
ecipher.init(Cipher.ENCRYPT_MODE, skeySpec);
byte[] dstBuff = ecipher.doFinal(srcBuff);
int bytesEncrypted = dstBuff.length;

iOS Code:

    // Source buffer
    size_t srcBuffSiz = 1024;
    unsigned char* srcBuff = new unsigned char[srcBuffSiz];
    memset(srcBuff, 0x01, srcBuffSiz);

    // Destination buffer
    size_t dstBuffSiz = srcBuffSiz + 128;
    unsigned char* dstBuff = new unsigned char[dstBuffSiz];
    memset(dstBuff, 0x00, dstBuffSiz);

    unsigned char keyPtr[kCCKeySizeAES128] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10};

    size_t bytesEncrypted = 0;
    CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                          keyPtr, kCCKeySizeAES128,
                                          NULL /* initialization vector (optional) */,
                                          srcBuff, srcBuffSiz, /* input */
                                          dstBuff, dstBuffSiz, /* output */
                                          &bytesEncrypted);

So, in both cases I'm trying to encrypt sample 1024 bytes buffer (previosly filled with 0x01 values) using predefined sample key.

First and last 6 bytes of encrypted buffer in iOS:

ED CC 64 27 A8 99 ... 0C 44 9F EC 34 FC

First and last 6 bytes of encrypted buffer in Android:

AE 65 A9 F7 7F 0E ... 1F BD AE 8B 85 ED

Any idea?

If i replace Cipher.getInstance("AES/CBC/PKCS7Padding") to Cipher.getInstance("AES"), then first several bytes of encrypted buffer will be the same, but from 17th byte ...

iOS:

ED CC 64 27 A8 99 DA 83 D5 4A B0 03 0F E7 DD A7 35 F2 50 5C 49 47 CC 3B 2F AB D1 61 05 

Android:

ED CC 64 27 A8 99 DA 83 D5 4A B0 03 0F E7 DD A7 ED CC 64 27 A8 99 DA 83 D5 4A B0 03 0F 

解决方案

I vaguely recall I had once similar issue of "synchronizing" the encryption between Android and iPhone, and the solution was in proper IV (initialization vector) usage. So probably switching on an explicit IV usage in Android could help:

final byte[] iv = new byte[16];
Arrays.fill(iv, (byte) 0x00);
IvParameterSpec ivParameterSpec = new IvParameterSpec(iv);
.. // the rest of preparations
ecipher.init(Cipher.ENCRYPT_MODE, skeySpec, ivParameterSpec);

Because when on iPhone you pass NULL as the IV, it may internally use a default one that corresponds to the just stated above.

But in production environment you should use a (cryptographically secure pseudo-)random initialization vector, stored together with the data. Then it is safe for all modes of operations. [1]

这篇关于AES加密，使不同的结果在iOS和Android的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！