OpenSSL上的EVP_DecryptFinal_ex错误

| 我在玩OpenSSL EVP例程,以使用AES 128 cbc模式进行解密。 我使用NIST站点上指定的测试向量来测试我的程序。 该程序似乎在EVP_DecryptFinal_ex例程中失败。 有人可以告诉我这是什么问题吗? 另外,我该如何在这里进行错误检查,以找出导致此例程失败的原因? 更新: 请检查下面的代码。我添加了加密和解密部分。加密作品。但是在解密过程中,尽管两者的结果都匹配,但是密码的十六进制值似乎是80字节,而不是预期的64字节(在NIST中提到),尽管解密有效并且解密的文本与明文匹配! 有人可以澄清吗? 预期的密文值应为:
cipher: 0000 76 49 ab ac 81 19 b2 46 ce e9 8e 9b 12 e9 19 7d 
    0010 50 86 cb 9b 50 72 19 ee 95 db 11 3a 91 76 78 b2 
    0020 73 be d6 b8 e3 c1 74 3b 71 16 e6 9e 22 22 95 16 
    0030 3f f1 ca a1 68 1f ac 09 12 0e ca 30 75 86 e1 a7
这是代码:
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <openssl/evp.h>

int AES_BLOCK_SIZE;

int main(int argc, char **argv)
{

    EVP_CIPHER_CTX en;
    EVP_CIPHER_CTX de;
    EVP_CIPHER_CTX_init(&en);
    EVP_CIPHER_CTX_init(&de);
    const EVP_CIPHER *cipher_type;
    unsigned char *mode;
    unsigned char *passkey, *passiv, *plaintxt;
    int vector_len = 0;
    char *plain;
    char *plaintext;
    unsigned char *ciphertext;
    int olen, len;
    int i =0;

    //NIST VALUES TO CHECK

    unsigned char iv[]  =
    {   0x00, 0x01, 0x02, 0x03,
        0x04, 0x05, 0x06, 0x07,
        0x08, 0x09, 0x0a, 0x0b,
        0x0c, 0x0d, 0x0e, 0x0f,  0 };

    unsigned char key[] =
    {   0x2b, 0x7e, 0x15, 0x16,
        0x28, 0xae, 0xd2, 0xa6,
        0xab, 0xf7, 0x15, 0x88,
        0x09, 0xcf, 0x4f, 0x3c , 0 };

    unsigned char input[] =
    {   0x6b, 0xc1, 0xbe, 0xe2,
        0x2e, 0x40, 0x9f, 0x96,
        0xe9, 0x3d, 0x7e, 0x11,
        0x73, 0x93, 0x17, 0x2a,

        0xae, 0x2d, 0x8a, 0x57,
        0x1e, 0x03, 0xac, 0x9c,
        0x9e, 0xb7, 0x6f, 0xac,
        0x45, 0xaf, 0x8e, 0x51,

        0x30, 0xc8, 0x1c, 0x46,
        0xa3, 0x5c, 0xe4, 0x11,
        0xe5, 0xfb, 0xc1, 0x19,
        0x1a, 0x0a, 0x52, 0xef,

        0xf6, 0x9f, 0x24, 0x45,
        0xdf, 0x4f, 0x9b, 0x17,
        0xad, 0x2b, 0x41, 0x7b,
        0xe6, 0x6c, 0x37, 0x10, 0 };

    printf(\"AES ALGORITHM FOR 128 bit CBC MODE\\n\");
    cipher_type = EVP_aes_128_cbc();
    AES_BLOCK_SIZE = 128;
    passkey = key;
    passiv = iv;
    plain = input;

    printf(\"iv=\");
    for(i = 0; i < sizeof iv; i++){
        printf(\"%02x\", iv[i]);
    }
    printf(\"\\n\");
    printf(\"key=\");
    for(i = 0; i < sizeof key; i++){
        printf(\"%02x\", key[i]);
    }
    printf(\"\\n\");

    printf(\"Initializing AES ALGORITHM FOR CBC MODE..\\n\");

    EVP_EncryptInit_ex(&en, cipher_type, NULL, passkey, passiv);

    EVP_DecryptInit_ex(&de, cipher_type, NULL, passkey, passiv);

    olen = len = strlen(input)+1;
    printf(\"len value before aes_encrypt \\\"%d\\\"\\n\", len);

    int c_len = len + AES_BLOCK_SIZE - 1;
    int f_len = 0;
    ciphertext = (unsigned char *)malloc(c_len);

    if(!EVP_EncryptInit_ex(&en, NULL, NULL, NULL, NULL)){
        printf(\"ERROR in EVP_EncryptInit_ex \\n\");
        return NULL;
    }

    if(!EVP_EncryptUpdate(&en, ciphertext, &c_len, plain, len)){
        printf(\"ERROR in EVP_EncryptUpdate \\n\");
        return NULL;
    }
    printf(\"strlen value of ciphertext after update \\\"%d\\\"\\n\", strlen(ciphertext));
    if(!EVP_EncryptFinal_ex(&en, ciphertext+c_len, &f_len)){
        printf(\"ERROR in EVP_EncryptFinal_ex \\n\");
        return NULL;
    }
    printf(\"strlen value of ciphertext after final \\\"%d\\\"\\n\", strlen(ciphertext));
    EVP_CIPHER_CTX_cleanup(&en);

    len = c_len + f_len;
    printf(\"len value after aes_encrypt \\\"%d\\\"\\n\", len);

    len = strlen(ciphertext);

    printf(\"strlen value of ciphertext after aes_encrypt \\\"%d\\\"\\n\", len);

    int p_len = len;
    f_len = 0;
    plaintext = (unsigned char *)malloc(p_len);
    //memset(plaintext,0,sizeof(plaintext));
    if(!EVP_DecryptInit_ex(&de, NULL, NULL, NULL, NULL)){
        printf(\"ERROR in EVP_DecryptInit_ex \\n\");
        return NULL;
    }
    EVP_CIPHER_CTX_set_padding(&de, 0);

    if(!EVP_DecryptUpdate(&de, plaintext, &p_len, ciphertext, len)){
        printf(\"ERROR in EVP_DecryptUpdate\\n\");
        return NULL;
    }

    if(!EVP_DecryptFinal_ex(&de, plaintext+p_len, &f_len)){
        printf(\"ERROR in EVP_DecryptFinal_ex\\n\");
        return NULL;
    }
    EVP_CIPHER_CTX_cleanup(&de);
    len = p_len + f_len;
    printf(\"Decrypted value = %s\\n\", plaintext);

    printf(\"len value after aes_decrypt \\\"%d\\\"\\n\", len);


    if (strncmp(plaintext, input, olen))
        printf(\"FAIL: enc/dec failed for \\\"%s\\\"\\n\", input);
    else
        printf(\"OK: enc/dec ok for \\\"%s\\\"\\n\", plaintext); // \\\"%s\\\"\\n

    printf(\"OK: ciphertext is \\\"%s\\\"\\n\", ciphertext); // \\\"%s\\\"\\n
    printf(\"\\n\");

    unsigned char *s3 = ciphertext;
    printf(\"s3 =\\n\");
    int nc = 0;
    while(*s3 != \'\\0\'){
        printf(\"%02x\", *s3);
        s3++;
        nc ++;
        if(nc == 16){
            printf(\"\\n\");
            nc = 0;
        }

    }
    printf(\"\\n\");
    //printf(\"nc = %d\\n\", nc);
    free(ciphertext);
    free(plaintext);

    return 0;
}
    
已邀请:
就像在加密和解密时需要匹配密钥和IV一样,也需要匹配填充设置。 NIST测试未填充。这是OpenSSL文档的摘录:   EVP_DecryptInit_ex(),   EVP_DecryptUpdate()和   EVP_DecryptFinal_ex()是   相应的解密操作。   EVP_DecryptFinal()将返回   错误代码(如果启用了填充),并且   最后一块不正确   格式化。参数和   限制与   加密操作,除非   启用填充,解密数据   缓冲传递到   EVP_DecryptUpdate()应该有   足够的空间(inl +   cipher_block_size)字节,除非   在这种情况下,密码块大小为1   inl字节就足够了。 在同一页面上搜索\“ padding \”,您会看到函数
EVP_CIPHER_CTX_set_padding
:   EVP_CIPHER_CTX_set_padding()启用   或禁用填充。默认情况下   加密操作使用填充   标准块填充和填充   被检查并删除   解密。如果pad参数是   零,则不执行填充,   加密的总数据量或   解密后必须是   块大小或将发生错误。 因此,在调用
EVP_CIPHER_CTX_init
之后且开始解密之前的某个时候,您需要执行以下操作:
EVP_CIPHER_CTX_set_padding(&de, 0);
    
要在OpenSSL函数失败后显示错误,可以使用:
ERR_print_errors_fp(stderr);
    
我在EVP_DecryptFinal_ex例程中遇到了相同的问题。我发现
strlen(ciphertext)
不会得到密文的长度,因为函数
strlen()
返回C字符串的长度。 加密后的密文可以包含\'\\ 0 \'字符,这些字符被视为C字符串的末尾,因此使用函数
strlen()
将不会获得正确长度的密文。 相反,您应该记住加密后密文的长度。在程序中使用with9ѭ和
f_len
进行操作:
  if(!EVP_EncryptUpdate(&en, ciphertext, &c_len, plain, len)){
    printf(\"ERROR in EVP_EncryptUpdate \\n\");
    return NULL;
  }//Here you get length of ciphertext in c_len

  printf(\"strlen value of ciphertext after update \\\"%d\\\"\\n\", strlen(ciphertext));
  if(!EVP_EncryptFinal_ex(&en, ciphertext+c_len, &f_len)){
    printf(\"ERROR in EVP_EncryptFinal_ex \\n\");
    return NULL;
  }//Here you get the rest of padded ciphertext in f_len
  //This printf won\'t print out the real lengt of ciphertext you should put in (c_len+f_len)
  printf(\"strlen value of ciphertext after final \\\"%d\\\"\\n\", strlen(ciphertext));
  EVP_CIPHER_CTX_cleanup(&en);

  len = c_len + f_len;//This is the real length of ciphertext
  printf(\"len value after aes_encrypt \\\"%d\\\"\\n\", len);

  len = strlen(ciphertext);//And here you rewrite it, delete this line and you should get it right
另一件事,当您打印出密文时,请勿使用:
printf(\"OK: ciphertext is \\\"%s\\\"\\n\", ciphertext);
\“%s \”也被视为C字符串,并且只能打印出整个密文的一部分。改用:
int i = 0;
printf(\"\\nCiphertext:\");
for(i = 0; i < len; i++)//variable len is length of ciphertext memorized after encryption.
{printf(\"%c\",ciphertext[i]);} 
    

要回复问题请先登录注册