问题描述
按照golang的aes实现检查,我目前的方法甚至无法生成正确的加密数据。它也不会解密回原始的纯文本,但是如果加密步骤不能正常工作,这是可以预期的。我最好的猜测是我以某种方式滥用了api。这是一个独立的示例,可以按原样运行。
#include <mbedtls/aes.h>
#include <vector>
void LogVec(const std::vector<uint8_t>& bin)
{
printf("(size: %i) ",bin.size());
printf("{");
for (auto& b : bin)
{
printf("%#02x,",b);
}
printf("}\n");
}
mbedtls_aes_context AesContext;
std::vector<uint8_t> EncryptAes(std::vector<uint8_t>& iv,std::vector<uint8_t>& data)
{
std::vector<uint8_t> ivcpy(iv);
uint8_t padByte = 16 - (data.size() % 16);
for (int i = 0; i < padByte; i++)
data.push_back(padByte);
std::vector<uint8_t> ret(data.size());
mbedtls_aes_crypt_cbc(&AesContext,MbedTLS_AES_ENCRYPT,data.size(),ivcpy.data(),data.data(),ret.data());
return ret;
}
std::vector<uint8_t> DecryptAes(const std::vector<uint8_t>& iv,std::vector<uint8_t>& data)
{
std::vector<uint8_t> ivcpy(iv);
std::vector<uint8_t> ret(data.size());
mbedtls_aes_crypt_cbc(&AesContext,MbedTLS_AES_DECRYPT,ret.data());
ret.resize(ret.size() - ret[ret.size() - 1]);
return ret;
}
int main()
{
mbedtls_aes_init(&AesContext);
std::vector<uint8_t> data = { 0x3b,0xb1,0x99,0x3,0x67,0xf3,0x2e,0x1f,0x00,0x38,0xc9,0x53,0x92,0xa4 };
std::vector<uint8_t> key = { 0x15,0x1,0xc0,0xd0,0xe4,0xfd,0xdf,0xd7,0x7a,0x65,0xf1,0x2f,0x45,0x61,0xb,0x59,0xd9,0xa,0x9c,0xc,0x4,0x76,0xdb,0xbe,0x9e,0x7f,0x8d,0xe1,0x46 };
std::vector<uint8_t> iv = { 0xa2,0x78,0xa4,0xd8,0x34,0x88,0x9b,0x28,0xdc,0xb9,0xe2,0x58,0x8c,0xbc };
mbedtls_aes_setkey_enc(&AesContext,key.data(),256);
mbedtls_aes_setkey_dec(&AesContext,256);
std::vector<uint8_t> dataEnc = EncryptAes(iv,data);
printf("Encrypted data: ");
LogVec(dataEnc);
//std::vector<uint8_t> dataDec = DecryptAes(iv,dataEnc);
//printf("Decrypted data: ");
//LogVec(dataDec);
getchar();
return 1;
}
输出:
Encrypted data: (size: 16) {0x5d,0x1c,0x9,0x8e,0x24,0x43,0xfa,0xaf,0xb3,0xf5,0x37,0x8,0x93,}
在golang中使用相同的键iv的预期输出:
Encrypted: 34730cba3543e5facf4b94ba9dc8a275
解决方法
在调用mbedtls_aes_crypt_cbc
进行加密之前,应先致电mbedtls_aes_setkey_enc
,在致电mbedtls_aes_crypt_cbc
进行解密之前,应先致电mbedtls_aes_setkey_dec
。当像在代码中那样在初始化时调用两者时,对setkey_dec
的后者调用将覆盖由加密所需的setkey_enc
设置的上下文结构中的重要数据。