是libmcrypt不可靠? [英] Is libmcrypt not reliable?
问题描述
前几天我提出一个问题上的SO,没有任何有意义的答案。贝娄是它的短:
A few days ago I put a question on SO, without any meaningful answer. Bellow is it on short:
我在C客户端服务器程序,加密/与mcrypt的 C
的图书馆解密数据。在客户端进行加密要发送到服务器,发送它的串,和服务器读取后,将其解密。贝娄是我的加密和解密功能:
I have a client server program in C that encrypts/decrypts data with mcrypt C
's library. The client encrypts the string that wants to send to server, send it, and after the server reads, decrypts it. Bellow are my encrypt and decrypt function:
加密功能:
void encrypt(char *es, char *key, char *civ, size_t length) {
MCRYPT td;
int n;
td = mcrypt_module_open(MCRYPT_TWOFISH, NULL, MCRYPT_CFB, NULL );
if (td == MCRYPT_FAILED) {
log_err(log_opts, strerror(errno));
exit(1);
}
n = mcrypt_enc_get_iv_size(td);
char iv[n + 1];
strncpy(iv, civ, n);
iv[n] = '\0';
if ((mcrypt_generic_init(td, key, KEY_SIZE, iv)) < 0) {
log_err(log_opts, "while trying to do mcrypt_generic_init.");
exit(1);
}
mcrypt_generic(td, es, length);
if (mcrypt_module_close(td) < 0) {
log_err(log_opts, "while trying to close module.");
exit(1);
}
}
解密功能
void decrypt(char *ds, char *key, char *civ, size_t length) {
MCRYPT td;
int n;
td = mcrypt_module_open(MCRYPT_TWOFISH, NULL, MCRYPT_CFB, NULL );
n = mcrypt_enc_get_iv_size(td);
char iv[n + 1];
strncpy(iv, civ, n);
iv[n] = '\0';
if ((mcrypt_generic_init(td, key, KEY_SIZE, iv)) < 0) {
log_err(log_opts, "trying to do mcrypt_generic_init.");
exit(1);
}
mdecrypt_generic(td, ds, length);
if (mcrypt_module_close(td) < 0) {
log_err(log_opts, "while trying to close module.");
exit(1);
}
}
我的问题:
有例(1〜10率)当一个字符串解密服务器端,但在客户端加密是不是像原来一样。任何人都可以提出我问题出在哪里可以从何而来?
There are cases (1 to 10 rate) when a string decrypted on server side but encrypted on client side is not the same like original. Can anyone suggest my where the problem can come from?
现在,我设法抓住时,我收到我已经描述的上述不良行为的情形。贝娄是我的主
功能:
Now, I managed to catch a scenario when I'm getting the above bad behavior that I already described. Bellow is my main
function:
int main(void) {
char *newKey = "P1adEfRuPX0AP2UDmSWHhgS6DaIrE4eb5EEJudC";
char *iv = "asdfkSSDFAEGasld3G9dkDF0";
char *s1 = "XZH9ZYKQC9*NYSR6UDUII";
char *s2 = malloc(STRING_SIZE * sizeof(char));
strcpy(s2, s1);
printf("%s - %s\n", s1, s2);
encrypt(s2, newKey, iv, strlen(s2));
decrypt(s2, newKey, iv, strlen(s2));
if (strncmp(s1, s2, STRING_SIZE) != 0)
printf("wrong encrypt-decrypt: %s %s\n", s1, s2);
exit(0);
}
贝娄是从主
函数的输出:
XZH9ZYKQC9*NYSR6UDUII - XZH9ZYKQC9*NYSR6UDUII
wrong encrypt-decrypt: XZH9ZYKQC9*NYSR6UDUII XZH9ZYKQC
问:
我做得不对,或者是库问题?
Question: Am I doing something wrong, or is that library problematic?
推荐答案
最后,我想问题出在哪里从何而来。
在主
功能,我有两条线路:
Finally, I figured out where the problem comes from.
In main
function, I have two lines:
encrypt(s2, newKey, iv, strlen(s2));
decrypt(s2, newKey, iv, strlen(s2));
第一行是行,只要S2是明确的字符
的字符串。但在第二行,的strlen(S2)
可如果导致加密的文本包含返回一个错误的结果'\\ 0'
的在里面。
The first line is ok, as long as s2 is a well defined string of char
. But in the second line, strlen(s2)
can return an erroneous result if the resulted encrypted text contains '\0'
's in it.
我只想说,@chrylis'评论给了我一个提示,在哪里寻找问题。
I just want to say that @chrylis' comment gave me a hint where to search for problem.
在最后,作为一个经验法则,我会说:在 C
,则不能使用STRING的函数对加密后的文本
In the end, as a rule of thumb, I would say: IN C
, YOU MUST NOT USE STRING'S FUNCTIONS ON ENCRYPTED TEXT.
感谢所有协助!
这篇关于是libmcrypt不可靠?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!