如何正确使用mbedtls的AES CBC API

编程问答 2022-07-26

问题描述

按照golang的aes实现检查,我目前的方法甚至无法生成正确的加密数据。它也不会解密回原始的纯文本,但是如果加密步骤不能正常工作,这是可以预期的。我最好的猜测是我以某种方式滥用了api。这是一个独立的示例,可以按原样运行。

#include <mbedtls/aes.h>

#include <vector>

void LogVec(const std::vector<uint8_t>& bin)
{
    printf("(size: %i) ",bin.size());
    printf("{");
    for (auto& b : bin)
    {
        printf("%#02x,",b);
    }
    printf("}\n");
}

mbedtls_aes_context AesContext;

std::vector<uint8_t> EncryptAes(std::vector<uint8_t>& iv,std::vector<uint8_t>& data)
{
    std::vector<uint8_t> ivcpy(iv);

    uint8_t padByte = 16 - (data.size() % 16);
    for (int i = 0; i < padByte; i++)
        data.push_back(padByte);

    std::vector<uint8_t> ret(data.size());
    mbedtls_aes_crypt_cbc(&AesContext,MbedTLS_AES_ENCRYPT,data.size(),ivcpy.data(),data.data(),ret.data());

    return ret;
}

std::vector<uint8_t> DecryptAes(const std::vector<uint8_t>& iv,std::vector<uint8_t>& data)
{
    std::vector<uint8_t> ivcpy(iv);

    std::vector<uint8_t> ret(data.size());
    mbedtls_aes_crypt_cbc(&AesContext,MbedTLS_AES_DECRYPT,ret.data());

    ret.resize(ret.size() - ret[ret.size() - 1]);
    
    return ret;
}

int main() 
{
    mbedtls_aes_init(&AesContext);

    std::vector<uint8_t> data = { 0x3b,0xb1,0x99,0x3,0x67,0xf3,0x2e,0x1f,0x00,0x38,0xc9,0x53,0x92,0xa4 };

    std::vector<uint8_t> key = { 0x15,0x1,0xc0,0xd0,0xe4,0xfd,0xdf,0xd7,0x7a,0x65,0xf1,0x2f,0x45,0x61,0xb,0x59,0xd9,0xa,0x9c,0xc,0x4,0x76,0xdb,0xbe,0x9e,0x7f,0x8d,0xe1,0x46 };

    std::vector<uint8_t> iv = { 0xa2,0x78,0xa4,0xd8,0x34,0x88,0x9b,0x28,0xdc,0xb9,0xe2,0x58,0x8c,0xbc };

    mbedtls_aes_setkey_enc(&AesContext,key.data(),256);
    mbedtls_aes_setkey_dec(&AesContext,256);

    std::vector<uint8_t> dataEnc = EncryptAes(iv,data);
    printf("Encrypted data: ");
    LogVec(dataEnc);

    //std::vector<uint8_t> dataDec = DecryptAes(iv,dataEnc);
    //printf("Decrypted data: ");
    //LogVec(dataDec);

    getchar();
    return 1;
}

输出

Encrypted data: (size: 16) {0x5d,0x1c,0x9,0x8e,0x24,0x43,0xfa,0xaf,0xb3,0xf5,0x37,0x8,0x93,}

在golang中使用相同的键iv的预期输出

Encrypted: 34730cba3543e5facf4b94ba9dc8a275

解决方法

在调用mbedtls_aes_crypt_cbc进行加密之前,应先致电mbedtls_aes_setkey_enc,在致电mbedtls_aes_crypt_cbc进行解密之前,应先致电mbedtls_aes_setkey_dec。当像在代码中那样在初始化时调用两者时,对setkey_dec的后者调用将覆盖由加密所需的setkey_enc设置的上下文结构中的重要数据。

aesc++mbedtls