OpenSSL 上的 EVP_DecryptFinal_ex 错误

发布于 2024-11-01 13:19:38 字数 5088 浏览 5 评论 0原文

我正在使用 OpenSSL EVP 例程使用 AES 128 cbc 模式进行解密。

我使用 NIST 站点指定的测试向量来测试我的程序。

该程序似乎在 EVP_DecryptFinal_ex 例程处失败。

有人可以告诉我有什么问题吗?

另外,我如何在这里进行错误检查以找出该例程失败的原因?

更新:

请检查下面的代码。我添加了加密和解密部分。加密作品。但在解密过程中,虽然两者的结果匹配,但密码的十六进制值似乎是 80 字节,而不是预期的 64 字节(NIST 中提到),尽管解密有效并且解密的文本与明文匹配! 有人可以澄清一下吗?

预期的密文值应该是:

cipher: 0000 76 49 ab ac 81 19 b2 46 ce e9 8e 9b 12 e9 19 7d 
    0010 50 86 cb 9b 50 72 19 ee 95 db 11 3a 91 76 78 b2 
    0020 73 be d6 b8 e3 c1 74 3b 71 16 e6 9e 22 22 95 16 
    0030 3f f1 ca a1 68 1f ac 09 12 0e ca 30 75 86 e1 a7

这是代码:

#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <openssl/evp.h>

int AES_BLOCK_SIZE;

int main(int argc, char **argv)
{

    EVP_CIPHER_CTX en;
    EVP_CIPHER_CTX de;
    EVP_CIPHER_CTX_init(&en);
    EVP_CIPHER_CTX_init(&de);
    const EVP_CIPHER *cipher_type;
    unsigned char *mode;
    unsigned char *passkey, *passiv, *plaintxt;
    int vector_len = 0;
    char *plain;
    char *plaintext;
    unsigned char *ciphertext;
    int olen, len;
    int i =0;

    //NIST VALUES TO CHECK

    unsigned char iv[]  =
    {   0x00, 0x01, 0x02, 0x03,
        0x04, 0x05, 0x06, 0x07,
        0x08, 0x09, 0x0a, 0x0b,
        0x0c, 0x0d, 0x0e, 0x0f,  0 };

    unsigned char key[] =
    {   0x2b, 0x7e, 0x15, 0x16,
        0x28, 0xae, 0xd2, 0xa6,
        0xab, 0xf7, 0x15, 0x88,
        0x09, 0xcf, 0x4f, 0x3c , 0 };

    unsigned char input[] =
    {   0x6b, 0xc1, 0xbe, 0xe2,
        0x2e, 0x40, 0x9f, 0x96,
        0xe9, 0x3d, 0x7e, 0x11,
        0x73, 0x93, 0x17, 0x2a,

        0xae, 0x2d, 0x8a, 0x57,
        0x1e, 0x03, 0xac, 0x9c,
        0x9e, 0xb7, 0x6f, 0xac,
        0x45, 0xaf, 0x8e, 0x51,

        0x30, 0xc8, 0x1c, 0x46,
        0xa3, 0x5c, 0xe4, 0x11,
        0xe5, 0xfb, 0xc1, 0x19,
        0x1a, 0x0a, 0x52, 0xef,

        0xf6, 0x9f, 0x24, 0x45,
        0xdf, 0x4f, 0x9b, 0x17,
        0xad, 0x2b, 0x41, 0x7b,
        0xe6, 0x6c, 0x37, 0x10, 0 };

    printf("AES ALGORITHM FOR 128 bit CBC MODE\n");
    cipher_type = EVP_aes_128_cbc();
    AES_BLOCK_SIZE = 128;
    passkey = key;
    passiv = iv;
    plain = input;

    printf("iv=");
    for(i = 0; i < sizeof iv; i++){
        printf("%02x", iv[i]);
    }
    printf("\n");
    printf("key=");
    for(i = 0; i < sizeof key; i++){
        printf("%02x", key[i]);
    }
    printf("\n");

    printf("Initializing AES ALGORITHM FOR CBC MODE..\n");

    EVP_EncryptInit_ex(&en, cipher_type, NULL, passkey, passiv);

    EVP_DecryptInit_ex(&de, cipher_type, NULL, passkey, passiv);

    olen = len = strlen(input)+1;
    printf("len value before aes_encrypt \"%d\"\n", len);

    int c_len = len + AES_BLOCK_SIZE - 1;
    int f_len = 0;
    ciphertext = (unsigned char *)malloc(c_len);

    if(!EVP_EncryptInit_ex(&en, NULL, NULL, NULL, NULL)){
        printf("ERROR in EVP_EncryptInit_ex \n");
        return NULL;
    }

    if(!EVP_EncryptUpdate(&en, ciphertext, &c_len, plain, len)){
        printf("ERROR in EVP_EncryptUpdate \n");
        return NULL;
    }
    printf("strlen value of ciphertext after update \"%d\"\n", strlen(ciphertext));
    if(!EVP_EncryptFinal_ex(&en, ciphertext+c_len, &f_len)){
        printf("ERROR in EVP_EncryptFinal_ex \n");
        return NULL;
    }
    printf("strlen value of ciphertext after final \"%d\"\n", strlen(ciphertext));
    EVP_CIPHER_CTX_cleanup(&en);

    len = c_len + f_len;
    printf("len value after aes_encrypt \"%d\"\n", len);

    len = strlen(ciphertext);

    printf("strlen value of ciphertext after aes_encrypt \"%d\"\n", len);

    int p_len = len;
    f_len = 0;
    plaintext = (unsigned char *)malloc(p_len);
    //memset(plaintext,0,sizeof(plaintext));
    if(!EVP_DecryptInit_ex(&de, NULL, NULL, NULL, NULL)){
        printf("ERROR in EVP_DecryptInit_ex \n");
        return NULL;
    }
    EVP_CIPHER_CTX_set_padding(&de, 0);

    if(!EVP_DecryptUpdate(&de, plaintext, &p_len, ciphertext, len)){
        printf("ERROR in EVP_DecryptUpdate\n");
        return NULL;
    }

    if(!EVP_DecryptFinal_ex(&de, plaintext+p_len, &f_len)){
        printf("ERROR in EVP_DecryptFinal_ex\n");
        return NULL;
    }
    EVP_CIPHER_CTX_cleanup(&de);
    len = p_len + f_len;
    printf("Decrypted value = %s\n", plaintext);

    printf("len value after aes_decrypt \"%d\"\n", len);


    if (strncmp(plaintext, input, olen))
        printf("FAIL: enc/dec failed for \"%s\"\n", input);
    else
        printf("OK: enc/dec ok for \"%s\"\n", plaintext); // \"%s\"\n

    printf("OK: ciphertext is \"%s\"\n", ciphertext); // \"%s\"\n
    printf("\n");

    unsigned char *s3 = ciphertext;
    printf("s3 =\n");
    int nc = 0;
    while(*s3 != '\0'){
        printf("%02x", *s3);
        s3++;
        nc ++;
        if(nc == 16){
            printf("\n");
            nc = 0;
        }

    }
    printf("\n");
    //printf("nc = %d\n", nc);
    free(ciphertext);
    free(plaintext);

    return 0;
}

I am playing around with OpenSSL EVP routines for decryption using AES 128 cbc mode.

I use the test vectors specified at the NIST site to test my program.

The program seems to fail at EVP_DecryptFinal_ex routine.

Can anybody please tell me what is the problem?

Also how do I do the error checking here to find out why this routine fails?

UPDATED:

Please check the code below. I have added the encrypt and decrypt part. Encrypt works. But during the decryption, although the results of both match, the hexvalue of the cipher seems 80 bytes as opposed to the expected 64 bytes(mentioned in NIST) although the decryption works and the decrypted text matches the plaintext!
Can somebody clarify?

The expected ciphertext value should be:

cipher: 0000 76 49 ab ac 81 19 b2 46 ce e9 8e 9b 12 e9 19 7d 
    0010 50 86 cb 9b 50 72 19 ee 95 db 11 3a 91 76 78 b2 
    0020 73 be d6 b8 e3 c1 74 3b 71 16 e6 9e 22 22 95 16 
    0030 3f f1 ca a1 68 1f ac 09 12 0e ca 30 75 86 e1 a7

here is the code:

#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <openssl/evp.h>

int AES_BLOCK_SIZE;

int main(int argc, char **argv)
{

    EVP_CIPHER_CTX en;
    EVP_CIPHER_CTX de;
    EVP_CIPHER_CTX_init(&en);
    EVP_CIPHER_CTX_init(&de);
    const EVP_CIPHER *cipher_type;
    unsigned char *mode;
    unsigned char *passkey, *passiv, *plaintxt;
    int vector_len = 0;
    char *plain;
    char *plaintext;
    unsigned char *ciphertext;
    int olen, len;
    int i =0;

    //NIST VALUES TO CHECK

    unsigned char iv[]  =
    {   0x00, 0x01, 0x02, 0x03,
        0x04, 0x05, 0x06, 0x07,
        0x08, 0x09, 0x0a, 0x0b,
        0x0c, 0x0d, 0x0e, 0x0f,  0 };

    unsigned char key[] =
    {   0x2b, 0x7e, 0x15, 0x16,
        0x28, 0xae, 0xd2, 0xa6,
        0xab, 0xf7, 0x15, 0x88,
        0x09, 0xcf, 0x4f, 0x3c , 0 };

    unsigned char input[] =
    {   0x6b, 0xc1, 0xbe, 0xe2,
        0x2e, 0x40, 0x9f, 0x96,
        0xe9, 0x3d, 0x7e, 0x11,
        0x73, 0x93, 0x17, 0x2a,

        0xae, 0x2d, 0x8a, 0x57,
        0x1e, 0x03, 0xac, 0x9c,
        0x9e, 0xb7, 0x6f, 0xac,
        0x45, 0xaf, 0x8e, 0x51,

        0x30, 0xc8, 0x1c, 0x46,
        0xa3, 0x5c, 0xe4, 0x11,
        0xe5, 0xfb, 0xc1, 0x19,
        0x1a, 0x0a, 0x52, 0xef,

        0xf6, 0x9f, 0x24, 0x45,
        0xdf, 0x4f, 0x9b, 0x17,
        0xad, 0x2b, 0x41, 0x7b,
        0xe6, 0x6c, 0x37, 0x10, 0 };

    printf("AES ALGORITHM FOR 128 bit CBC MODE\n");
    cipher_type = EVP_aes_128_cbc();
    AES_BLOCK_SIZE = 128;
    passkey = key;
    passiv = iv;
    plain = input;

    printf("iv=");
    for(i = 0; i < sizeof iv; i++){
        printf("%02x", iv[i]);
    }
    printf("\n");
    printf("key=");
    for(i = 0; i < sizeof key; i++){
        printf("%02x", key[i]);
    }
    printf("\n");

    printf("Initializing AES ALGORITHM FOR CBC MODE..\n");

    EVP_EncryptInit_ex(&en, cipher_type, NULL, passkey, passiv);

    EVP_DecryptInit_ex(&de, cipher_type, NULL, passkey, passiv);

    olen = len = strlen(input)+1;
    printf("len value before aes_encrypt \"%d\"\n", len);

    int c_len = len + AES_BLOCK_SIZE - 1;
    int f_len = 0;
    ciphertext = (unsigned char *)malloc(c_len);

    if(!EVP_EncryptInit_ex(&en, NULL, NULL, NULL, NULL)){
        printf("ERROR in EVP_EncryptInit_ex \n");
        return NULL;
    }

    if(!EVP_EncryptUpdate(&en, ciphertext, &c_len, plain, len)){
        printf("ERROR in EVP_EncryptUpdate \n");
        return NULL;
    }
    printf("strlen value of ciphertext after update \"%d\"\n", strlen(ciphertext));
    if(!EVP_EncryptFinal_ex(&en, ciphertext+c_len, &f_len)){
        printf("ERROR in EVP_EncryptFinal_ex \n");
        return NULL;
    }
    printf("strlen value of ciphertext after final \"%d\"\n", strlen(ciphertext));
    EVP_CIPHER_CTX_cleanup(&en);

    len = c_len + f_len;
    printf("len value after aes_encrypt \"%d\"\n", len);

    len = strlen(ciphertext);

    printf("strlen value of ciphertext after aes_encrypt \"%d\"\n", len);

    int p_len = len;
    f_len = 0;
    plaintext = (unsigned char *)malloc(p_len);
    //memset(plaintext,0,sizeof(plaintext));
    if(!EVP_DecryptInit_ex(&de, NULL, NULL, NULL, NULL)){
        printf("ERROR in EVP_DecryptInit_ex \n");
        return NULL;
    }
    EVP_CIPHER_CTX_set_padding(&de, 0);

    if(!EVP_DecryptUpdate(&de, plaintext, &p_len, ciphertext, len)){
        printf("ERROR in EVP_DecryptUpdate\n");
        return NULL;
    }

    if(!EVP_DecryptFinal_ex(&de, plaintext+p_len, &f_len)){
        printf("ERROR in EVP_DecryptFinal_ex\n");
        return NULL;
    }
    EVP_CIPHER_CTX_cleanup(&de);
    len = p_len + f_len;
    printf("Decrypted value = %s\n", plaintext);

    printf("len value after aes_decrypt \"%d\"\n", len);


    if (strncmp(plaintext, input, olen))
        printf("FAIL: enc/dec failed for \"%s\"\n", input);
    else
        printf("OK: enc/dec ok for \"%s\"\n", plaintext); // \"%s\"\n

    printf("OK: ciphertext is \"%s\"\n", ciphertext); // \"%s\"\n
    printf("\n");

    unsigned char *s3 = ciphertext;
    printf("s3 =\n");
    int nc = 0;
    while(*s3 != '\0'){
        printf("%02x", *s3);
        s3++;
        nc ++;
        if(nc == 16){
            printf("\n");
            nc = 0;
        }

    }
    printf("\n");
    //printf("nc = %d\n", nc);
    free(ciphertext);
    free(plaintext);

    return 0;
}

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

梅窗月明清似水 2024-11-08 13:19:38

就像加密和解密时需要匹配密钥和IV一样,您也需要匹配填充设置。 NIST 测试没有填充。以下是 OpenSSL 文档的摘录:

EVP_DecryptInit_ex(),
EVP_DecryptUpdate() 和
EVP_DecryptFinal_ex() 是
相应的解密操作。
EVP_DecryptFinal() 将返回
如果启用填充,则错误代码并且
最后的块不正确
格式化。参数和
限制与
加密操作,除了 if
填充已启用解密数据
缓冲区输出传递给
EVP_DecryptUpdate() 应该有
足够的空间 (inl +
cipher_block_size) 字节,除非
在这种情况下密码块大小为 1
inl 字节就足够了。


在同一页面搜索“padding”,您将看到函数 EVP_CIPHER_CTX_set_padding

EVP_CIPHER_CTX_set_padding() 启用
或禁用填充。默认情况下
使用填充加密操作
标准块填充和填充
被检查并删除时
解密。如果焊盘参数为
零则不执行填充,
加密的数据总量或
解密后的值必须是
块大小或将发生错误。

因此,在调用 EVP_CIPHER_CTX_init 之后、开始解密之前的某个时刻,您需要执行以下操作:

EVP_CIPHER_CTX_set_padding(&de, 0);

Just like you need to match the key and IV when you encrypt and decrypt, you also need to match the padding setting. The NIST tests are not padded. Here's an excerpt from the OpenSSL documentation:

EVP_DecryptInit_ex(),
EVP_DecryptUpdate() and
EVP_DecryptFinal_ex() are the
corresponding decryption operations.
EVP_DecryptFinal() will return an
error code if padding is enabled and
the final block is not correctly
formatted
. The parameters and
restrictions are identical to the
encryption operations except that if
padding is enabled the decrypted data
buffer out passed to
EVP_DecryptUpdate() should have
sufficient room for (inl +
cipher_block_size) bytes unless the
cipher block size is 1 in which case
inl bytes is sufficient.

Searching that same page for "padding", you'll see the function EVP_CIPHER_CTX_set_padding:

EVP_CIPHER_CTX_set_padding() enables
or disables padding. By default
encryption operations are padded using
standard block padding and the padding
is checked and removed when
decrypting. If the pad parameter is
zero then no padding is performed, the
total amount of data encrypted or
decrypted must then be a multiple of
the block size or an error will occur.

So at some point after you call EVP_CIPHER_CTX_init and before you start decrypting, you need to do this:

EVP_CIPHER_CTX_set_padding(&de, 0);
兮子 2024-11-08 13:19:38

要在 OpenSSL 函数失败后显示错误,您可以使用:

ERR_print_errors_fp(stderr);

To show the errors after an OpenSSL function fails, you can use:

ERR_print_errors_fp(stderr);
倾`听者〃 2024-11-08 13:19:38

我对 EVP_DecryptFinal_ex 例程也有同样的问题。我发现您无法通过 strlen(ciphertext) 获得密文的长度,因为函数 strlen() 返回 C 字符串的长度。

加密后的密文可能包含 '\0' 字符,这些字符被视为 C 字符串的结尾,因此使用函数 strlen() 无法获得正确长度的密文。

相反,您应该记住加密后密文的长度。在您的程序中,您可以使用 c_lenf_len 来实现:

  if(!EVP_EncryptUpdate(&en, ciphertext, &c_len, plain, len)){
    printf("ERROR in EVP_EncryptUpdate \n");
    return NULL;
  }//Here you get length of ciphertext in c_len

  printf("strlen value of ciphertext after update \"%d\"\n", strlen(ciphertext));
  if(!EVP_EncryptFinal_ex(&en, ciphertext+c_len, &f_len)){
    printf("ERROR in EVP_EncryptFinal_ex \n");
    return NULL;
  }//Here you get the rest of padded ciphertext in f_len
  //This printf won't print out the real lengt of ciphertext you should put in (c_len+f_len)
  printf("strlen value of ciphertext after final \"%d\"\n", strlen(ciphertext));
  EVP_CIPHER_CTX_cleanup(&en);

  len = c_len + f_len;//This is the real length of ciphertext
  printf("len value after aes_encrypt \"%d\"\n", len);

  len = strlen(ciphertext);//And here you rewrite it, delete this line and you should get it right

另一件事,当您打印出密文时不要使用:

printf("OK: ciphertext is \"%s\"\n", ciphertext);

“%s”也被视为 C字符串并且可以打印出整个密文的一部分。改用:

int i = 0;
printf("\nCiphertext:");
for(i = 0; i < len; i++)//variable len is length of ciphertext memorized after encryption.
{printf("%c",ciphertext[i]);} 

I had the same problem with EVP_DecryptFinal_ex routine. I've found out that you won't get the lenght of ciphertext by strlen(ciphertext) because the function strlen() returns the length of C string.

Ciphertext after encryption can contain '\0' characters which are considered end of C string, so you won't get the right length of ciphertext with function strlen().

Instead you should remember the length of ciphertext after encrypting. In your program you do it with c_len and f_len:

  if(!EVP_EncryptUpdate(&en, ciphertext, &c_len, plain, len)){
    printf("ERROR in EVP_EncryptUpdate \n");
    return NULL;
  }//Here you get length of ciphertext in c_len

  printf("strlen value of ciphertext after update \"%d\"\n", strlen(ciphertext));
  if(!EVP_EncryptFinal_ex(&en, ciphertext+c_len, &f_len)){
    printf("ERROR in EVP_EncryptFinal_ex \n");
    return NULL;
  }//Here you get the rest of padded ciphertext in f_len
  //This printf won't print out the real lengt of ciphertext you should put in (c_len+f_len)
  printf("strlen value of ciphertext after final \"%d\"\n", strlen(ciphertext));
  EVP_CIPHER_CTX_cleanup(&en);

  len = c_len + f_len;//This is the real length of ciphertext
  printf("len value after aes_encrypt \"%d\"\n", len);

  len = strlen(ciphertext);//And here you rewrite it, delete this line and you should get it right

Another thing, when you what to print out cipher text don't use:

printf("OK: ciphertext is \"%s\"\n", ciphertext);

"%s" is also considered as C string and can print out just part of the whole ciphertext. Use instead:

int i = 0;
printf("\nCiphertext:");
for(i = 0; i < len; i++)//variable len is length of ciphertext memorized after encryption.
{printf("%c",ciphertext[i]);} 
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文