Is libmcrypt not reliable?

Problem description

A few days ago I put a question on SO, without any meaningful answer. Below it is in short:

I have a client-server program in C that encrypts/decrypts data with the mcrypt C library. The client encrypts the string that it wants to send to the server, sends it, and after the server reads it, decrypts it. Below are my encrypt and decrypt functions:

Encrypt function:

void encrypt(char *es, char *key, char *civ, size_t  length) {

    MCRYPT td;
    int n;

    td = mcrypt_module_open(MCRYPT_TWOFISH, NULL, MCRYPT_CFB, NULL );
    if (td == MCRYPT_FAILED) {
        log_err(log_opts, strerror(errno));
        exit(1);
    }
    n = mcrypt_enc_get_iv_size(td);

    char iv[n + 1];
    strncpy(iv, civ, n);
    iv[n] = '\0';

    if ((mcrypt_generic_init(td, key, KEY_SIZE, iv)) < 0) {
        log_err(log_opts, "while trying to do mcrypt_generic_init.");
        exit(1);
    }
    mcrypt_generic(td, es, length);

    if (mcrypt_module_close(td) < 0) {
        log_err(log_opts, "while trying to close module.");
        exit(1);
    }

}

Decrypt function:

void decrypt(char *ds, char *key, char *civ, size_t length) {
    MCRYPT td;
    int n;

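    td = mcrypt_module_open(MCRYPT_TWOFISH, NULL, MCRYPT_CFB, NULL );
    /* Check the handle before use, as encrypt() does. */
    if (td == MCRYPT_FAILED) {
        log_err(log_opts, strerror(errno));
        exit(1);
    }
    n = mcrypt_enc_get_iv_size(td);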

    char iv[n + 1];
    strncpy(iv, civ, n);
    iv[n] = '\0';

    if ((mcrypt_generic_init(td, key, KEY_SIZE, iv)) < 0) {
        log_err(log_opts, "trying to do mcrypt_generic_init.");
        exit(1);
    }

    mdecrypt_generic(td, ds, length);
    if (mcrypt_module_close(td) < 0) {
        log_err(log_opts, "while trying to close module.");
        exit(1);
    }

}

My problem:

There are cases (1 to 10 rate) when a string decrypted on the server side but encrypted on the client side is not the same as the original. Can anyone suggest where the problem can come from?

Now, I managed to catch a scenario when I'm getting the above bad behavior that I already described. Below is my main function:

int main(void) {

    char *newKey = "P1adEfRuPX0AP2UDmSWHhgS6DaIrE4eb5EEJudC";
    char *iv = "asdfkSSDFAEGasld3G9dkDF0";
    char *s1 = "XZH9ZYKQC9*NYSR6UDUII";
    char *s2 = malloc(STRING_SIZE * sizeof(char));

    strcpy(s2, s1);
    printf("%s - %s\n", s1, s2);

    encrypt(s2, newKey, iv, strlen(s2));
    decrypt(s2, newKey, iv, strlen(s2));

    if (strncmp(s1, s2, STRING_SIZE) != 0)
        printf("wrong encrypt-decrypt: %s %s\n", s1, s2);

    exit(0);

}

Below is the output from the function:

XZH9ZYKQC9*NYSR6UDUII - XZH9ZYKQC9*NYSR6UDUII
wrong encrypt-decrypt: XZH9ZYKQC9*NYSR6UDUII XZH9ZYKQC

Question: Am I doing something wrong, or is that library problematic?

Recommended answer

Finally, I figured out where the problem comes from. In the main function, I have two lines:

encrypt(s2, newKey, iv, strlen(s2));
decrypt(s2, newKey, iv, strlen(s2));

The first line is OK, as long as s2 is a well-defined string of char. But in the second line, strlen(s2) can return an erroneous result if the resulting encrypted text contains '\0's in it.

I just want to say that @chrylis' comment gave me a hint where to search for the problem.

In the end, as a rule of thumb, I would say: IN C, YOU MUST NOT USE STRING FUNCTIONS ON ENCRYPTED TEXT.

Thanks for all the help!
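
The failure described in the answer, reproduced as an added example that is not code from the original post. It assumes a toy XOR stream (`toy_xor`, hypothetical) in place of mcrypt_generic()/mdecrypt_generic() so it runs without libmcrypt, with constructed keystreams, one of which puts a 0x00 at ciphertext offset 9. It compares re-measuring the ciphertext with strlen() against reusing the length saved before encryption.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data. PLAIN is the string from the question; the keystreams
   are made up. KS_NUL[9] equals PLAIN[9] ('9' = 0x39), so ciphertext byte 9 is 0x00. */
static const char PLAIN[] = "XZH9ZYKQC9*NYSR6UDUII";
static const unsigned char KS_NUL[16] = {0x13,0x27,0x5a,0x61,0x0f,0x42,0x7e,0x19,
                                         0x33,0x39,0x55,0x6b,0x21,0x4d,0x70,0x08};
static const unsigned char KS_OK[16]  = {1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1};

/* Hypothetical stand-in for mcrypt_generic()/mdecrypt_generic(): a toy XOR
   stream, NOT a real cipher. XOR is its own inverse, so one function does both. */
static void toy_xor(unsigned char *buf, size_t len, const unsigned char ks[16]) {
    for (size_t i = 0; i < len; i++)
        buf[i] ^= ks[i % 16];
}

/* What strlen() reports on the ciphertext (buffer is zero-filled, so this is safe). */
size_t ciphertext_strlen(const char *plain, const unsigned char ks[16]) {
    unsigned char buf[64] = {0};
    size_t len = strlen(plain);
    memcpy(buf, plain, len);
    toy_xor(buf, len, ks);
    return strlen((const char *)buf);
}

/* Round trip; use_strlen=1 re-measures the ciphertext as in the question's main(),
   use_strlen=0 reuses the length saved before encryption. Returns 1 on match. */
int roundtrip(const char *plain, const unsigned char ks[16], int use_strlen) {
    unsigned char buf[64] = {0};
    size_t len = strlen(plain);            /* plaintext is a C string: fine */
    memcpy(buf, plain, len);
    toy_xor(buf, len, ks);                 /* "encrypt" */
    size_t dlen = use_strlen ? strlen((const char *)buf) : len;
    toy_xor(buf, dlen, ks);                /* "decrypt" */
    return memcmp(buf, plain, len) == 0;
}

int main(void) {
    printf("strlen(ciphertext) = %zu of %zu bytes\n",
           ciphertext_strlen(PLAIN, KS_NUL), strlen(PLAIN));
    printf("strlen length, NUL in ciphertext: %d\n", roundtrip(PLAIN, KS_NUL, 1));
    printf("strlen length, no NUL:            %d\n", roundtrip(PLAIN, KS_OK, 1));
    printf("saved length,  NUL in ciphertext: %d\n", roundtrip(PLAIN, KS_NUL, 0));
    return 0;
}
```

The second case shows why the failure is intermittent: the strlen() version passes whenever the ciphertext happens to contain no zero byte.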
