C语言 OpenSSL 上的 EVP_DecryptFinal_ex 错误
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/5665698/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
EVP_DecryptFinal_ex Error on OpenSSL
提问by pimmling
I am playing around with OpenSSL EVP routines for decryption using AES 128 cbc mode.
我正在使用 OpenSSL EVP 例程进行解密,使用 AES 128 cbc 模式。
I use the test vectors specified at the NIST site to test my program.
我使用 NIST 站点上指定的测试向量来测试我的程序。
The program seems to fail at EVP_DecryptFinal_ex routine.
该程序似乎在 EVP_DecryptFinal_ex 例程中失败。
Can anybody please tell me what is the problem?
有人可以告诉我有什么问题吗?
Also how do I do the error checking here to find out why this routine fails?
另外,我如何在此处进行错误检查以找出此例程失败的原因?
UPDATED:
更新:
Please check the code below. I have added the encrypt and decrypt part. Encrypt works. But during the decryption, although the results of both match, the hexvalue of the cipher seems 80 bytes as opposed to the expected 64 bytes(mentioned in NIST) although the decryption works and the decrypted text matches the plaintext! Can somebody clarify?
请检查下面的代码。我添加了加密和解密部分。加密工作。但是在解密过程中,虽然两者的结果匹配,但密码的十六进制值似乎是 80 个字节,而不是预期的 64 个字节(在 NIST 中提到),尽管解密有效并且解密的文本与明文匹配!有人可以澄清吗?
The expected ciphertext value should be:
预期的密文值应该是:
cipher: 0000 76 49 ab ac 81 19 b2 46 ce e9 8e 9b 12 e9 19 7d
0010 50 86 cb 9b 50 72 19 ee 95 db 11 3a 91 76 78 b2
0020 73 be d6 b8 e3 c1 74 3b 71 16 e6 9e 22 22 95 16
0030 3f f1 ca a1 68 1f ac 09 12 0e ca 30 75 86 e1 a7
here is the code:
这是代码:
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <openssl/evp.h>
int AES_BLOCK_SIZE;
int main(int argc, char **argv)
{
EVP_CIPHER_CTX en;
EVP_CIPHER_CTX de;
EVP_CIPHER_CTX_init(&en);
EVP_CIPHER_CTX_init(&de);
const EVP_CIPHER *cipher_type;
unsigned char *mode;
unsigned char *passkey, *passiv, *plaintxt;
int vector_len = 0;
char *plain;
char *plaintext;
unsigned char *ciphertext;
int olen, len;
int i =0;
//NIST VALUES TO CHECK
unsigned char iv[] =
{ 0x00, 0x01, 0x02, 0x03,
0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b,
0x0c, 0x0d, 0x0e, 0x0f, 0 };
unsigned char key[] =
{ 0x2b, 0x7e, 0x15, 0x16,
0x28, 0xae, 0xd2, 0xa6,
0xab, 0xf7, 0x15, 0x88,
0x09, 0xcf, 0x4f, 0x3c , 0 };
unsigned char input[] =
{ 0x6b, 0xc1, 0xbe, 0xe2,
0x2e, 0x40, 0x9f, 0x96,
0xe9, 0x3d, 0x7e, 0x11,
0x73, 0x93, 0x17, 0x2a,
0xae, 0x2d, 0x8a, 0x57,
0x1e, 0x03, 0xac, 0x9c,
0x9e, 0xb7, 0x6f, 0xac,
0x45, 0xaf, 0x8e, 0x51,
0x30, 0xc8, 0x1c, 0x46,
0xa3, 0x5c, 0xe4, 0x11,
0xe5, 0xfb, 0xc1, 0x19,
0x1a, 0x0a, 0x52, 0xef,
0xf6, 0x9f, 0x24, 0x45,
0xdf, 0x4f, 0x9b, 0x17,
0xad, 0x2b, 0x41, 0x7b,
0xe6, 0x6c, 0x37, 0x10, 0 };
printf("AES ALGORITHM FOR 128 bit CBC MODE\n");
cipher_type = EVP_aes_128_cbc();
AES_BLOCK_SIZE = 128;
passkey = key;
passiv = iv;
plain = input;
printf("iv=");
for(i = 0; i < sizeof iv; i++){
printf("%02x", iv[i]);
}
printf("\n");
printf("key=");
for(i = 0; i < sizeof key; i++){
printf("%02x", key[i]);
}
printf("\n");
printf("Initializing AES ALGORITHM FOR CBC MODE..\n");
EVP_EncryptInit_ex(&en, cipher_type, NULL, passkey, passiv);
EVP_DecryptInit_ex(&de, cipher_type, NULL, passkey, passiv);
olen = len = strlen(input)+1;
printf("len value before aes_encrypt \"%d\"\n", len);
int c_len = len + AES_BLOCK_SIZE - 1;
int f_len = 0;
ciphertext = (unsigned char *)malloc(c_len);
if(!EVP_EncryptInit_ex(&en, NULL, NULL, NULL, NULL)){
printf("ERROR in EVP_EncryptInit_ex \n");
return NULL;
}
if(!EVP_EncryptUpdate(&en, ciphertext, &c_len, plain, len)){
printf("ERROR in EVP_EncryptUpdate \n");
return NULL;
}
printf("strlen value of ciphertext after update \"%d\"\n", strlen(ciphertext));
if(!EVP_EncryptFinal_ex(&en, ciphertext+c_len, &f_len)){
printf("ERROR in EVP_EncryptFinal_ex \n");
return NULL;
}
printf("strlen value of ciphertext after final \"%d\"\n", strlen(ciphertext));
EVP_CIPHER_CTX_cleanup(&en);
len = c_len + f_len;
printf("len value after aes_encrypt \"%d\"\n", len);
len = strlen(ciphertext);
printf("strlen value of ciphertext after aes_encrypt \"%d\"\n", len);
int p_len = len;
f_len = 0;
plaintext = (unsigned char *)malloc(p_len);
//memset(plaintext,0,sizeof(plaintext));
if(!EVP_DecryptInit_ex(&de, NULL, NULL, NULL, NULL)){
printf("ERROR in EVP_DecryptInit_ex \n");
return NULL;
}
EVP_CIPHER_CTX_set_padding(&de, 0);
if(!EVP_DecryptUpdate(&de, plaintext, &p_len, ciphertext, len)){
printf("ERROR in EVP_DecryptUpdate\n");
return NULL;
}
if(!EVP_DecryptFinal_ex(&de, plaintext+p_len, &f_len)){
printf("ERROR in EVP_DecryptFinal_ex\n");
return NULL;
}
EVP_CIPHER_CTX_cleanup(&de);
len = p_len + f_len;
printf("Decrypted value = %s\n", plaintext);
printf("len value after aes_decrypt \"%d\"\n", len);
if (strncmp(plaintext, input, olen))
printf("FAIL: enc/dec failed for \"%s\"\n", input);
else
printf("OK: enc/dec ok for \"%s\"\n", plaintext); // \"%s\"\n
printf("OK: ciphertext is \"%s\"\n", ciphertext); // \"%s\"\n
printf("\n");
unsigned char *s3 = ciphertext;
printf("s3 =\n");
int nc = 0;
while(*s3 != 'EVP_CIPHER_CTX_set_padding(&de, 0);
'){
printf("%02x", *s3);
s3++;
nc ++;
if(nc == 16){
printf("\n");
nc = 0;
}
}
printf("\n");
//printf("nc = %d\n", nc);
free(ciphertext);
free(plaintext);
return 0;
}
回答by indiv
Just like you need to match the key and IV when you encrypt and decrypt, you also need to match the padding setting. The NIST tests are not padded. Here's an excerpt from the OpenSSL documentation:
就像加密解密时需要匹配key和IV一样,也需要匹配padding设置。NIST 测试没有填充。这是 OpenSSL文档的摘录:
EVP_DecryptInit_ex(), EVP_DecryptUpdate() and EVP_DecryptFinal_ex() are the corresponding decryption operations. EVP_DecryptFinal() will return an error code if padding is enabled and the final block is not correctly formatted. The parameters and restrictions are identical to the encryption operations except that if padding is enabled the decrypted data buffer out passed to EVP_DecryptUpdate() should have sufficient room for (inl + cipher_block_size) bytes unless the cipher block size is 1 in which case inl bytes is sufficient.
EVP_DecryptInit_ex()、EVP_DecryptUpdate()和EVP_DecryptFinal_ex()是对应的解密操作。如果启用填充并且最终块格式不正确,EVP_DecryptFinal()将返回错误代码。参数和限制与加密操作相同,除了如果启用填充,则传递给 EVP_DecryptUpdate() 的解密数据缓冲区应该有足够的空间用于 (inl + cipher_block_size) 字节,除非密码块大小为 1,在这种情况下 inl 字节为充足的。
Searching that same page for "padding", you'll see the function EVP_CIPHER_CTX_set_padding:
在同一页面上搜索“padding”,你会看到函数EVP_CIPHER_CTX_set_padding:
EVP_CIPHER_CTX_set_padding() enables or disables padding. By default encryption operations are padded using standard block padding and the padding is checked and removed when decrypting. If the pad parameter is zero then no padding is performed, the total amount of data encrypted or decrypted must then be a multiple of the block size or an error will occur.
EVP_CIPHER_CTX_set_padding() 启用或禁用填充。默认情况下,加密操作使用标准块填充进行填充,并且在解密时检查并删除填充。如果填充参数为零,则不执行填充,则加密或解密的数据总量必须是块大小的倍数,否则将发生错误。
So at some point after you call EVP_CIPHER_CTX_initand before you start decrypting, you need to do this:
因此,在调用之后EVP_CIPHER_CTX_init和开始解密之前的某个时刻,您需要执行以下操作:
ERR_print_errors_fp(stderr);
回答by caf
To show the errors after an OpenSSL function fails, you can use:
要在 OpenSSL 函数失败后显示错误,您可以使用:
if(!EVP_EncryptUpdate(&en, ciphertext, &c_len, plain, len)){
printf("ERROR in EVP_EncryptUpdate \n");
return NULL;
}//Here you get length of ciphertext in c_len
printf("strlen value of ciphertext after update \"%d\"\n", strlen(ciphertext));
if(!EVP_EncryptFinal_ex(&en, ciphertext+c_len, &f_len)){
printf("ERROR in EVP_EncryptFinal_ex \n");
return NULL;
}//Here you get the rest of padded ciphertext in f_len
//This printf won't print out the real lengt of ciphertext you should put in (c_len+f_len)
printf("strlen value of ciphertext after final \"%d\"\n", strlen(ciphertext));
EVP_CIPHER_CTX_cleanup(&en);
len = c_len + f_len;//This is the real length of ciphertext
printf("len value after aes_encrypt \"%d\"\n", len);
len = strlen(ciphertext);//And here you rewrite it, delete this line and you should get it right
回答by user2391305
I had the same problem with EVP_DecryptFinal_ex routine. I've found out that you won't get the lenght of ciphertext by strlen(ciphertext)because the function strlen()returns the length of C string.
我在 EVP_DecryptFinal_ex 例程中遇到了同样的问题。我发现你不会得到密文的长度,strlen(ciphertext)因为该函数strlen()返回 C 字符串的长度。
Ciphertext after encryption can contain '\0' characters which are considered end of C string, so you won't get the right length of ciphertext with function strlen().
加密后的密文可以包含 '\0' 字符,这些字符被认为是 C 字符串的结尾,因此您将无法使用 function 获得正确长度的密文strlen()。
Instead you should remember the length of ciphertext after encrypting. In your program you do it with c_lenand f_len:
相反,您应该记住加密后密文的长度。在你的程序中,你使用c_lenand来做f_len:
printf("OK: ciphertext is \"%s\"\n", ciphertext);
Another thing, when you what to print out cipher text don't use:
另一件事,当您打印密文时不要使用:
int i = 0;
printf("\nCiphertext:");
for(i = 0; i < len; i++)//variable len is length of ciphertext memorized after encryption.
{printf("%c",ciphertext[i]);}
"%s" is also considered as C string and can print out just part of the whole ciphertext. Use instead:
"%s" 也被认为是 C 字符串,可以打印出整个密文的一部分。改用:
##代码##