用随机字节填充内存-C/Objective-C [英] Filling memory with random bytes - C/Objective-C

查看:204
本文介绍了用随机字节填充内存-C/Objective-C的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在使用CommonCrypto在Objective-C(AES256)中进行加密,并且我想提供一个IV(初始化向量)来进行更安全的加密.我目前正在这样做:

I'm using CommonCrypto for encryption in Objective-C (AES256) and I'd like to provide an IV (initialization vector) for a more secure encryption. I'm currently doing this:

const void* iv = malloc(kCCBlockSizeAES128);
// EDIT:
//if (!iv) {
//    iv = NULL;
//}

然后创建密码对象:

CCCryptorRef cryptor;
CCCryptorStatus cryptStatus = CCCryptorCreate(operation, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                                  keyPtr, kCCKeySizeAES256,
                                                  iv,
                                                  &cryptor);

问题在于这种加密方式似乎失败了(悲伤的表情...).我的意思是:它加密时没有明显的问题,但是它解密的数据与原始数据不同.我可以这样做,因为当您malloc()内存时,它不是全部写为零,而是随机的.我也尝试自己写随机值,但是我的C背景真的很难.如果有写随机字节的函数(如bzero),请告诉我.

The problem is that encryption this way seems to fail (sad face...). I mean: it encrypts with no apparent problem, but it decrypts data different than the original. I though this would work because when you malloc() memory, it is not written all to zeros, it is random. I also tried writing random values myself but my C background is failing really hard. If there is a function (like bzero) that writes random bytes please tell me.

我也尝试做这样的事情:

I also tried doing something like this:

char* iv = malloc(kCCBlockSizeAES128);
int i;
srand((unsigned int)time(NULL));
for (i = 0; i < kCCBlockSizeAES128; i++) {
    iv[i] = (char)rand()%256;
}

哦,顺便说一句,我意识到这一定是一个非常讨厌的问题:)

Ohh, by the way, I realise this must be a very nooby question :)

最后,我想要的只是一个类似const void* iv = malloc(kCCBlockSizeAES128)的东西,经过一些操作,我确定它的数据是完全随机的.有什么想法吗?

In the end all I want is something like const void* iv = malloc(kCCBlockSizeAES128) that after some operations I am sure it's data is completely random. Any ideas on that?

PS:我只提供了crypto/Objective-C背景,所以您知道我需要什么.我认为那不会影响任何事情. kCCBlockSizeAES128 = 16(确定90%:)

PS: I only provided the crypto/Objective-C background so you know what I need this for. I think that won't influence a thing. kCCBlockSizeAES128 = 16 (90% sure :)

好吧!经过 的问题处理后,我很高兴地宣布我在加密和加密方面遇到的问题解密是由于我现已解决的程序另一部分的错误所致.因此,我现在需要弄清楚的是如何用随机字节填充iv.一些选项:

Allright! After some deugging I'm happy to announce that the problem I was having with the encryption & decryption was due to a bug in another part of my program I have now solved. So all I need to figure now is how to fill the iv with random bytes. Some options:

  • 使用malloc(),该malloc()返回垃圾数据,而不是随机字节->可能不安全的(?)
  • 使用arc4random_buf()正是我想要的,除了它只能在10.7+上运行并且我的mac是10.6.6(加上我想支持10.6)
  • 还有我没考虑过的...? <-在这里帮助!
  • Use malloc(), which returns junk, not random bytes -> potentially insecure (?)
  • Use arc4random_buf(), which is exactly what I want except it only works 10.7+ and my mac is 10.6.6 (plus I want to support 10.6)
  • Something else I haven't considered...? <-- help here!

好吧!在用一些测试数据(全零,全零等)填充iv并更多进行伪装后,我高兴地宣布,加密似乎不是在某些条件下工作.我将解释如何:

Allright! After filling the iv with some test data (all zeros, all ones, etc) and some more deugging I'm NOT happy to announce that ccrypto doesn't seem to be working in some conditions. I'll explain how:

每当我向加密货币提供置零的iv或NULL(对于加密货币而言,它也是一样)时,它就会起作用.例如,这在加密和解密时效果很好:

Whenever I feed the crypto a zeroed iv or NULL (same thing for crypto) it works. For example, this works well when encrypting and decrypting:

uint8_t iv[kCCBlockSizeAES128];
int i;
for (i = 0; i < kCCBlockSizeAES128; i++) {
    iv[i] = 0x0; // I know this is the same as doing: memset((void *)iv, 0x0, (size_t)sizeof(iv));
}

CCCryptorRef cryptor;
CCCryptorStatus cryptStatus = CCCryptorCreate(operation, kCCAlgorithmAES128,
                                              kCCOptionPKCS7Padding,
                                              (const void *)keyPtr, kCCKeySizeAES256,
                                              iv,
                                              &cryptor);

但是,当我向他提供至少一个字节的字节不为零的iv时,加密/解密不会提供错误,但解密不会产生原始数据.例如,这个...

BUT when I feed him a iv in which at least ONE of it's bytes is NOT zero, encryption/decryption do not provide errors but decrypting doesn't yield the original data. For example, this...

uint8_t iv[kCCBlockSizeAES128];
int i;
for (i = 0; i < kCCBlockSizeAES128; i++) {
    iv[i] = 0x1;
}

或用于完全随机的数据...

or for completely random data...

uint8_t iv[kCCBlockSizeAES128];
int i;
for (i = 0; i < kCCBlockSizeAES128; i++) {
    iv[i] = arc4random() % 256;
}

...不起作用.

我一点也不理解这个逻辑...有什么想法吗?

I do not understand this logic one single bit... Any ideas?

推荐答案

您可以使用arc4random_buf用随机数据填充缓冲区:

You can use arc4random_buf to fill the buffer with random data:

#include <stdlib.h>
#include <stdint.h>

uint8_t iv[kCCBlockSizeAES128];
arc4random_buf(&iv, kCCBlockSizeAES128);

此外,malloc返回的内存块(与任何未初始化的内存一样)都填充有垃圾.您不应该假设它会被任何东西填充,尤其是不能用于密码学的随机数.

Also, the memory block returned by malloc (as with any uninitialised memory) is filled with garbage. You should not assume that it will be filled with anything, especially not cryptographically useful random numbers.

这篇关于用随机字节填充内存-C/Objective-C的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
移动开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆