我有一些之前使用 cryptdecrypt API 加密过的数据。由于它已被弃用,我应该转向最新的 bcryptdecrypt (CNG)API。但是使用这段代码我无法正确解密数据。我仍然在 pbPlainText 中看到垃圾。API 都成功了,只是解密没有正确发生。 这是代码:
bool decrypt(PBYTE pbCipherText,DWORD cbCipherText)
{
BCRYPT_KEY_HANDLE hKey = NULL;
BCRYPT_ALG_HANDLE m_Context;
NTSTATUS status = 0;
DWORD cbBlockLen = 0;
DWORD cbKeyObject = 0;
DWORD cbData = 0;
// Set up the initial vector
PBYTE pbIV = nullptr;
PBYTE pbKeyObject = nullptr;
bool ret = false;
if (BCryptOpenAlgorithmProvider(
&m_Context,
BCRYPT_AES_ALGORITHM,
NULL,
0))
{
Result = FALSE;
throw exLibCryptoException("Unable to find CryptAcquireContext function");
}
// Generate the key from supplied input key bytes.
if (!NT_SUCCESS(status = BCryptGenerateSymmetricKey(
m_Context,
&hKey,nullptr, 0,
KeyData,
KeySize,
0)))
{
wprintf(L"**** Error 0x%x returned by BCryptGenerateSymmetricKey\n", status);
}
status = BCryptImportKey(m_Context, nullptr, BCRYPT_OPAQUE_KEY_BLOB, &hKey, pbKeyObject,
cbKeyObject, pbBlob, cbBlob, 0);
if (!NT_SUCCESS(status = BCryptGetProperty(
m_Context,
BCRYPT_BLOCK_LENGTH,
(PBYTE)&cbBlockLen,
sizeof(DWORD),
&cbData,
0)))
{
//EM_LOG_TRIVIAL_2(L"**** Error 0x%x returned by BCryptGetProperty\n", status);
ret = false;
}
pbIV = (PBYTE)HeapAlloc(GetProcessHeap(), 0, cbBlockLen);
if (NULL == pbIV)
{
///EM_LOG_TRIVIAL_2(L"**** memory allocation failed\n");
ret = false;
}
if (!NT_SUCCESS(status = BCryptGenRandom(BCRYPT_RNG_ALG_HANDLE, pbIV, cbBlockLen, 0)))
{
goto Cleanup;
}
if (!NT_SUCCESS(status = BCryptSetProperty(
m_Context,
BCRYPT_CHAINING_MODE,
(PBYTE)BCRYPT_CHAIN_MODE_CBC,
sizeof(BCRYPT_CHAIN_MODE_CBC),
0)))
{
//wprintf(L"**** Error 0x%x returned by BCryptSetProperty\n", status);
}
if (_Data.size() < cbBlockLen)
return false;
//check that size is multiple of 16
if (cbCipherText % 16) {
return false;
}
if (!NT_SUCCESS(status = BCryptDecrypt(
hKey,
pbCipherText,
cbCipherText,
NULL,
pbIV,
cbBlockLen,
NULL,
0,
&cbPlainText,
0)))
{
wprintf(L"**** Error 0x%x returned by BCryptDecrypt\n", status);
}
pbPlainText = (PBYTE)HeapAlloc(GetProcessHeap(), 0, cbPlainText);
if (NULL == pbPlainText)
{
wprintf(L"**** memory allocation failed\n");
}
if (!NT_SUCCESS(status = BCryptDecrypt(
hKey,
pbCipherText,
cbCipherText,
NULL,
pbIV,
cbBlockLen,
pbPlainText,
cbPlainText,
&cbPlainText,
0)))
{
wprinft(L"decrypt failed");
}
return true;
}
提前致谢!
我正在创建一个新的用于解密的 IV,这是错误的。我应该提取 IV 并使用没有 IV 的缓冲区。这样做之后它就可以解密了。 谢谢@273K