Mbed-TLS: In-place encryption/decryption with OAEP does not seem to work

Question  Votes: 0  Answers: 1

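cipherText, decryptedText (i.e. the contents of plainText and decryptedText) are the same.
However, when performing in-place encryption/decryption using only one buffer, it does not. In that case I get garbled/incorrectly encrypted data. Is this just a general limitation, or is my code wrong?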

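Here it says "In-place ciphers are allowed in Mbed TLS unless otherwise specified." I am not sure whether they are talking about AES or RSA. I did not see any note saying "otherwise" for OAEP encryption/decryption, so I assumed it should work.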

Code:

size_t sizeDecrypted;
unsigned char plainText[15000] = "yxcvbnm";
unsigned char cipherText[15000];
unsigned char decryptedText[15000];

rtn = mbedtls_rsa_rsaes_oaep_encrypt(&rsa, mbedtls_ctr_drbg_random, &ctr_drbg,
                                     NULL, 0, sizeof("yxcvbnm"),
                                     plainText, cipherText);
rtn = mbedtls_rsa_rsaes_oaep_decrypt(&rsa, mbedtls_ctr_drbg_random, &ctr_drbg,
                                     NULL, 0, &sizeDecrypted,
                                     cipherText, decryptedText, 15000);
//decryptedText afterwards contains the correctly decrypted text just like plainText
//sizeDecrypted is 8 (because of the binary zero at the end of the string)

unsigned char text[15000] = "yxcvbnm";

rtn = mbedtls_rsa_rsaes_oaep_encrypt(&rsa, mbedtls_ctr_drbg_random, &ctr_drbg,
                                     NULL, 0, sizeof("yxcvbnm"),
                                     text, text);
rtn = mbedtls_rsa_rsaes_oaep_decrypt(&rsa, mbedtls_ctr_drbg_random, &ctr_drbg,
                                     NULL, 0, &sizeDecrypted,
                                     text, text, 15000);
//someText afterwards doesn't contain the correctly decrypted text/has a different content than plainText
//rtn is always 0, i.e. no error is returned
//sizeDecrypted is 8

No, this will not work.
c cryptography embedded rsa mbedtls
1 Answer
1 vote
From the repository https://github.com/Mbed-TLS/mbedtls we look at library/rsa.c to get the body of mbedtls_rsa_rsaes_oaep_encrypt:

int mbedtls_rsa_rsaes_oaep_encrypt(mbedtls_rsa_context *ctx,
                                   int (*f_rng)(void *, unsigned char *, size_t),
                                   void *p_rng,
                                   const unsigned char *label, size_t label_len,
                                   size_t ilen,
                                   const unsigned char *input,
                                   unsigned char *output)
{
    size_t olen;
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    unsigned char *p = output;
    unsigned int hlen;

    if (f_rng == NULL) {
        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
    }

    hlen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) ctx->hash_id);
    if (hlen == 0) {
        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
    }

    olen = ctx->len;

    /* first comparison checks for overflow */
    if (ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2) {
        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
    }

    memset(output, 0, olen);

    *p++ = 0;

    /* Generate a random octet string seed */
    if ((ret = f_rng(p_rng, p, hlen)) != 0) {
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_RNG_FAILED, ret);
    }

    p += hlen;

    /* Construct DB */
    ret = compute_hash((mbedtls_md_type_t) ctx->hash_id, label, label_len, p);
    if (ret != 0) {
        return ret;
    }
    p += hlen;
    p += olen - 2 * hlen - 2 - ilen;
    *p++ = 1;
    if (ilen != 0) {
        memcpy(p, input, ilen);
    }

    /* maskedDB: Apply dbMask to DB */
    if ((ret = mgf_mask(output + hlen + 1, olen - hlen - 1, output + 1, hlen,
                        (mbedtls_md_type_t) ctx->hash_id)) != 0) {
        return ret;
    }

    /* maskedSeed: Apply seedMask to seed */
    if ((ret = mgf_mask(output + 1, hlen, output + hlen + 1, olen - hlen - 1,
                        (mbedtls_md_type_t) ctx->hash_id)) != 0) {
        return ret;
    }

    return mbedtls_rsa_public(ctx, output, output);
}
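Note the following:

After some preliminary sanity checks, we do:
memset(output, 0, olen);

If output == input, this trashes the input buffer (or part of it) before the input buffer is examined.

Therefore, the buffers must be distinct and non-overlapping.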
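A simplified model of the aliasing failure described in the answer above, added here as an illustration; it is not Mbed TLS code and not code from the original post. The names toy_oaep_pad, regions_overlap, pad_alias_safe and message_survives are hypothetical, and K = 256 and HLEN = 32 are assumed sizes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define K    ((size_t) 256)  /* assumed modulus length in bytes (RSA-2048) */
#define HLEN ((size_t) 32)   /* assumed hash length (SHA-256) */

/* Constructed stand-in for the quoted padding step: same bounds check and
 * memset-before-copy order, but no hashing, masking or RSA operation. */
static int toy_oaep_pad(const unsigned char *in, size_t ilen, unsigned char *out)
{
    if (ilen + 2 * HLEN + 2 < ilen || K < ilen + 2 * HLEN + 2)
        return -1;
    memset(out, 0, K);                 /* also wipes `in` when the two alias */
    out[K - ilen - 1] = 1;
    memmove(out + K - ilen, in, ilen); /* memmove keeps the aliased demo defined */
    return 0;
}

/* Returns 1 if [a, a+alen) and [b, b+blen) share at least one byte. */
static int regions_overlap(const void *a, size_t alen, const void *b, size_t blen)
{
    uintptr_t x = (uintptr_t) a, y = (uintptr_t) b;
    return x < y + blen && y < x + alen;
}

/* Hypothetical wrapper: stage the plaintext in a scratch buffer when it
 * overlaps the output, so the padding routine never sees aliased pointers. */
static int pad_alias_safe(const unsigned char *in, size_t ilen, unsigned char *out)
{
    unsigned char tmp[K];
    volatile unsigned char *w = tmp;
    if (!regions_overlap(in, ilen, out, K))
        return toy_oaep_pad(in, ilen, out);
    if (ilen > sizeof(tmp)) return -1;
    memcpy(tmp, in, ilen);
    int ret = toy_oaep_pad(tmp, ilen, out);
    for (size_t i = 0; i < sizeof(tmp); i++) w[i] = 0; /* wipe staged plaintext */
    return ret;
}

/* Pads "yxcvbnm" in place; returns 1 if it is intact at the tail of the block. */
static int message_survives(int use_wrapper)
{
    unsigned char text[K] = "yxcvbnm"; /* constructed sample input */
    size_t ilen = sizeof("yxcvbnm");
    int ret = (use_wrapper ? pad_alias_safe : toy_oaep_pad)(text, ilen, text);
    return ret == 0 && memcmp(text + K - ilen, "yxcvbnm", ilen) == 0;
}

int main(void)
{
    printf("direct: %d, wrapped: %d\n", message_survives(0), message_survives(1));
}
```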
    
