我正在尝试使用Crypto ++中的AES加密一些顺序数据。但是,我注意到随机选择一个加密项目并对其进行解密会导致StreamTransformationFilter:无效的PKCS#7块填充
导致相同问题的简单代码如下:
AESUtil aes;
std::vector<std::string> t = std::vector<std::string>();
for (int i = 0; i < 100; ++i) {
std::string p = "a";
auto c = aes.encrypt(p);
t.push_back(c);
}
auto d = aes.decrypt(t[78]);
其中AESUtil如下:
AESUtil::AESUtil() {
this->key = CryptoPP::SecByteBlock(0x00, CryptoPP::AES::DEFAULT_KEYLENGTH);
rnd.GenerateBlock(key, key.size());
// Generate a random IV
this->iv = CryptoPP::SecByteBlock(CryptoPP::AES::BLOCKSIZE);
rnd.GenerateBlock(iv, iv.size());
this->aesEncryption = CryptoPP::AES::Encryption(key, CryptoPP::AES::DEFAULT_KEYLENGTH);
this->cbcEncryption = CryptoPP::CBC_Mode_ExternalCipher::Encryption(aesEncryption, iv);
this->aesDecryption = CryptoPP::AES::Decryption(key, CryptoPP::AES::DEFAULT_KEYLENGTH);
this->cbcDecryption = CryptoPP::CBC_Mode_ExternalCipher::Decryption(aesDecryption, iv);
}
void AESUtil::encrypt(std::string &ciphertext, std::string &plaintext) {
CryptoPP::StreamTransformationFilter stfEncryptor(this->cbcEncryption, new CryptoPP::StringSink(ciphertext));
stfEncryptor.Put(reinterpret_cast<const unsigned char *>( plaintext.c_str()), plaintext.size());
stfEncryptor.MessageEnd();
}
void AESUtil::decrypt(std::string &plaintext, std::string &ciphertext) {
CryptoPP::StreamTransformationFilter stfDecryptor(this->cbcDecryption, new CryptoPP::StringSink(plaintext));
stfDecryptor.Put(reinterpret_cast<const unsigned char *>( ciphertext.c_str()), ciphertext.size());
stfDecryptor.MessageEnd();
}
std::string AESUtil::encrypt(std::string plaintext) {
std::string ciphertext;
//ciphertext.reserve(plaintext.size()+16);
encrypt(ciphertext, plaintext);
return ciphertext;
}
std::string AESUtil::decrypt(std::string ciphertext) {
std::string plaintext;
//plaintext.reserve(ciphertext.size()+16);
decrypt(plaintext, ciphertext);
return plaintext;
}
我以为问题与字符串中的\ 0空终止符有关,所以我将代码更改为使用十六进制(不确定它是否正确)。但是,问题仍然存在。
void AESUtil::encrypt(std::string &ciphertext, std::string &plaintext) {
CryptoPP::ByteQueue encrypted;
CryptoPP::StreamTransformationFilter f1(this->cbcEncryption, new CryptoPP::Redirector(encrypted));
//f1.PutWord32((uint32_t)v1.size(), BIG_ENDIAN_ORDER);
f1.Put((const unsigned char *) plaintext.c_str(), plaintext.size());
f1.MessageEnd();
CryptoPP::HexEncoder encoder(new CryptoPP::StringSink(ciphertext));
encrypted.CopyTo(encoder);
encoder.MessageEnd();
}
void AESUtil::decrypt(std::string &plaintext, std::string &ciphertext) {
CryptoPP::ByteQueue decrypted;
CryptoPP::HexDecoder decoder(new CryptoPP::Redirector(decrypted));
decoder.Put(reinterpret_cast<const unsigned char *>( ciphertext.data()), ciphertext.size());
decoder.MessageEnd();
CryptoPP::StreamTransformationFilter f2(this->cbcDecryption, new CryptoPP::StringSink(plaintext));
decrypted.CopyTo(f2);
f2.MessageEnd();
}
使用以下代码,两个AESUtil版本都可以正常工作:
for (int i = 0; i < 100; ++i) {
std::string p = "a";
auto c = aes.encrypt(p);
auto d = aes.decrypt(c);
}
任何想法是什么问题,如何解决?任何帮助将非常感谢
我发现了问题。
即使调用了MessageEnd
,IV也在改变,保持对状态的引用 AESUtil。
我通过在加密过程中随机生成IV并将其与密文一起存储解决了这个问题。
如果有人感兴趣,这里是新代码:
void AESUtil::encrypt(std::string &ciphertext, std::string &plaintext) {
// Generate a random IV
CryptoPP::SecByteBlock iv(CryptoPP::AES::BLOCKSIZE);
this->rnd.GenerateBlock(iv, iv.size());
//memset( iv, 0x00, CryptoPP::AES::BLOCKSIZE );
CryptoPP::StringSink stringSink(ciphertext);
CryptoPP::ArraySource as(iv, iv.size(), true,
new CryptoPP::Redirector(stringSink));
CryptoPP::CBC_Mode_ExternalCipher::Encryption cbcEncryption(this->aesEncryption, iv);
CryptoPP::ByteQueue encrypted;
CryptoPP::StreamTransformationFilter f1(cbcEncryption, new CryptoPP::Redirector(encrypted));
f1.Put(reinterpret_cast<const unsigned char *>(plaintext.c_str()), plaintext.size());
f1.MessageEnd();
CryptoPP::HexEncoder encoder(new CryptoPP::Redirector(stringSink));
encrypted.CopyTo(encoder);
encoder.MessageEnd();
std::string recovered;
CryptoPP::StringSink sink(recovered);
encrypted.CopyTo(sink);
}
void AESUtil::decrypt(std::string &plaintext, std::string &ciphertext) {
CryptoPP::SecByteBlock iv(CryptoPP::AES::BLOCKSIZE);
CryptoPP::StringSource ss(ciphertext, false /* DO NOT Pump All */);
// Attach new filter
CryptoPP::ArraySink as(iv, iv.size());
ss.Attach(new CryptoPP::Redirector(as));
ss.Pump(CryptoPP::AES::BLOCKSIZE); // Pump first 16 bytes
CryptoPP::StringSink stringSink(plaintext);
CryptoPP::ByteQueue decrypted;
CryptoPP::HexDecoder decoder(new CryptoPP::Redirector(decrypted));
ss.Detach(new CryptoPP::Redirector(decoder));
ss.PumpAll();
CryptoPP::CBC_Mode_ExternalCipher::Decryption cbcDecryption(this->aesDecryption, iv);
CryptoPP::StreamTransformationFilter f2(cbcDecryption, new CryptoPP::Redirector(stringSink));
decrypted.CopyTo(f2);
f2.MessageEnd();
}