QT OpenSSL C ++和PHP AES / CBC

Question

我必须在C ++库和php之间进行统一的数据加密。 这确实是我对AES的第一次冒险。 我一直在阅读我所能找到的，并试图找出答案。 我想出了下面的代码。 我只是似乎无法获得匹配的输出。 我已经尝试了好几天了。

我注意到的是，php和CPP版本的输出非常接近。 从CPP函数中，我们得到ta4SK7e1ziUMnBchxqol/TT82wNS8TmJQ/kFls+I04HuK4nP7kDT4J2zYJDB6WIx ，从php我们得到ta4SK7e1ziUMnBchxqol/TT82wNS8TmJQ/kFls+I04H6XsCH1kfyiS/gu2oi57yY 如果你看他们真的很近。 仅最后几个字节有所不同。

所以我知道我已经接近了，但是我真的看不到我没有做正确的事情。

这是C ++代码：

QByteArray encryptAES(QByteArray passphrase, QByteArray plainText, QByteArray myiv)
{
    unsigned char* Key = (unsigned char*) passphrase.data();
    unsigned char* IV = (unsigned char*) myiv.data();

    /** Setup the AES Key structure required for use in the OpenSSL APIs **/
    AES_KEY* AesKey = new AES_KEY();
    AES_set_encrypt_key(Key, 256, AesKey);

    /** take an input string and pad it so it fits into 16 bytes (AES Block Size) **/
    const int UserDataSize = (const int)plainText.size();   // Get the length pre-padding
    int RequiredPadding = (AES_BLOCK_SIZE - (UserDataSize % AES_BLOCK_SIZE));   // Calculate required padding
    for(int i=0; i < RequiredPadding; i++) {
        plainText.push_back('\0');
    }

    unsigned char * UserData = (unsigned char*) plainText.data(); // Get the padded text as an unsigned char array
    const int UserDataSizePadded = (const int)plainText.size();// and the length (OpenSSl is a C-API)

    /** Peform the encryption **/
    unsigned char EncryptedData[UserDataSizePadded] = {0}; // Hard-coded Array for OpenSSL (C++ can't dynamic arrays)
    AES_cbc_encrypt(UserData, EncryptedData, UserDataSizePadded, (const AES_KEY*)AesKey, IV, AES_ENCRYPT);

    QByteArray encrypted = QByteArray(reinterpret_cast<char*>(EncryptedData), UserDataSizePadded);

    return encrypted;
}

QByteArray decryptAES(QByteArray passphrase, QByteArray encryptedText, QByteArray myiv)
{
    unsigned char* Key = (unsigned char*) passphrase.data();
    unsigned char* IV = (unsigned char*) myiv.data();
\
    /** Setup an AES Key structure for the decrypt operation **/
    AES_KEY* AesDecryptKey = new AES_KEY(); // AES Key to be used for Decryption
    AES_set_decrypt_key(Key, 256, AesDecryptKey);   // We Initialize this so we can use the OpenSSL Encryption API

    /** Decrypt the data. Note that we use the same function call. Only change is the last parameter **/
    unsigned char DecryptedData[encryptedText.size()] = {0}; // Hard-coded as C++ doesn't allow for dynamic arrays and OpenSSL requires an array
    AES_cbc_encrypt((unsigned char*) encryptedText.data(), DecryptedData, encryptedText.size(), (const AES_KEY*)AesDecryptKey, IV, AES_DECRYPT);

    QByteArray decrypted = QByteArray(reinterpret_cast<char*>(DecryptedData), encryptedText.size());

    return decrypted;
}

int main(int argc, char *argv[])
{
    QByteArray plainText("This string was AES-256-CBC encrypted.");
    QByteArray phpEnc = QByteArray("ta4SK7e1ziUMnBchxqol/TT82wNS8TmJQ/kFls+I04H6XsCH1kfyiS/gu2oi57yY");
    QByteArray key = QByteArray::fromBase64("pE4B5J5u18U55BTJho//Fioy2bEURa5W/o7HrO1O7/s=");
    QByteArray iv = QByteArray::fromBase64("Gi9kSb/a5f0h7Mb+sRWQdQ==");
    qDebug() << "AES Test KEY: " << key.toBase64();
    qDebug() << "AES Test IV: " << iv.toBase64();
    QByteArray enc = encryptAES(key,plainText, iv);
    qDebug() << "AES Test Encrypt: " << enc.toBase64();
    qDebug() << "AES Test Decrypt: " << decryptAES(key, enc, iv);
    qDebug() << "AES Test Decrypt PHP: " << decryptAES(key, phpEnc, iv);
}

现在这里是PHP代码：

<?php
$method = 'AES-256-CBC';
$txt = "This string was AES-256-CBC encrypted.";
$iv = base64_decode("Gi9kSb/a5f0h7Mb+sRWQdQ==");
$key = base64_decode("pE4B5J5u18U55BTJho//Fioy2bEURa5W/o7HrO1O7/s=");
echo "AES Test KEY: ". base64_encode($iv)."\n\n<br>";
echo "AES Test IV: ". base64_encode($key)."\n\n<br>"."\n\n<br>";

$fromCPP = "ta4SK7e1ziUMnBchxqol/TT82wNS8TmJQ/kFls+I04HuK4nP7kDT4J2zYJDB6WIx";

$enc = openssl_encrypt($txt, $method, $key, OPENSSL_RAW_DATA, $iv);
$dec = openssl_decrypt($enc, $method, $key, OPENSSL_RAW_DATA, $iv);

//Test if php isn't padding
$UserDataSize = strlen($txt);
$RequiredPadding == (16 - ($UserDataSize % 16));
$paddedText = $txt;
for($i=0; $i < $RequiredPadding; $i++)
    $paddedText .= "\0";

$enc2 = openssl_encrypt($paddedText, $method, $key, OPENSSL_RAW_DATA, $iv);
$dec2 = openssl_decrypt($enc2, $method, $key, OPENSSL_RAW_DATA, $iv);

//Try to decrypt CPP 
$dec3 = openssl_decrypt(base64_decode($fromCPP), $method, $key, OPENSSL_RAW_DATA, $iv);

echo "AES Test Encrypt: ". base64_encode($enc)."\n\n<br>";
echo "AES Test Decrypt: ". $dec."\n\n<br>";
echo "AES Test Encrypt Padded: ". base64_encode($enc2)."\n\n<br>";
echo "AES Test Decrypt Padded: ". $dec2."\n\n<br>";
echo "AES Test Decrypt CPP: ". $dec3."\n\n<br>";

?>

Answer 1

填充的区别：

$txt = "This string was AES-256-CBC encrypted.";
$key = base64_decode("pE4B5J5u18U55BTJho//Fioy2bEURa5W/o7HrO1O7/s=");
$iv  = base64_decode("Gi9kSb/a5f0h7Mb+sRWQdQ==");
$cpp = base64_decode('ta4SK7e1ziUMnBchxqol/TT82wNS8TmJQ/kFls+I04HuK4nP7kDT4J2zYJDB6WIx');
$php = base64_decode('ta4SK7e1ziUMnBchxqol/TT82wNS8TmJQ/kFls+I04H6XsCH1kfyiS/gu2oi57yY');

var_dump(
    $txt,
    bin2hex($iv),
    bin2hex($cpp),
    bin2hex($php),
    openssl_decrypt($cpp, 'AES-256-CBC', $key, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $iv),
    openssl_decrypt($php, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv),
    base64_encode(openssl_encrypt(str_pad($txt, 48, "\0"), 'AES-256-CBC', $key, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING
, $iv)),
);

输出：

string(38) "This string was AES-256-CBC encrypted."
string(32) "1a2f6449bfdae5fd21ecc6feb1159075"
string(96) "b5ae122bb7b5ce250c9c1721c6aa25fd34fcdb0352f1398943f90596cf88d381ee2b89cfee40d3e09db36090c1e96231"
string(96) "b5ae122bb7b5ce250c9c1721c6aa25fd34fcdb0352f1398943f90596cf88d381fa5ec087d647f2892fe0bb6a22e7bc98"
string(48) "This string was AES-256-CBC encrypted." // Note the length.
string(38) "This string was AES-256-CBC encrypted."
string(64) "ta4SK7e1ziUMnBchxqol/TT82wNS8TmJQ/kFls+I04HuK4nP7kDT4J2zYJDB6WIx"

您可以看到直到最后一个块（第一个提示）之前，加密的数据都是相同的。 第二个麻烦是解码CPP版本直到添加OPENSSL_ZERO_PADDING选项。 最后的证明就是使用适当的填充和选项重新编码并获得与数据的完全匹配。

Answer 2

有一个使用PHP和C ++实现的库，该库使用AES-256-CBC算法进行统一加密。

https://github.com/mervick/aes-everywhere