Implementing AES256 encryption in iOS

Ask*_*Ali 3 iphone encryption aes nsdata commoncrypto

This is my Java code. Now I want to implement the same functionality in Objective-C.

Cipher encryptCipher;
IvParameterSpec iv = new IvParameterSpec(key);
SecretKeySpec skeySpec = new SecretKeySpec(key, "AES");
encryptCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
encryptCipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv);
byte[] encrypted = encryptCipher.doFinal(dataToEncrypt.getBytes());
Log.d("TAG", "encrypted string:"
        + Base64.encodeToString(encrypted, Base64.DEFAULT));
return Base64.encodeToString(encrypted, Base64.DEFAULT).trim();

This is my iOS implementation

- (NSData *)AES256EncryptWithKey:(NSString*)key
{
    char keyPtr[kCCKeySizeAES256 + 1];
    bzero(keyPtr, sizeof(keyPtr));
    [key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];

    NSUInteger dataLength = [self length];

    size_t bufferSize           = dataLength + kCCBlockSizeAES128;
    void* buffer                = malloc(bufferSize);

    size_t numBytesEncrypted    = 0;
    CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt,
                                  kCCAlgorithmAES128,
                                  kCCOptionPKCS7Padding,
                                  keyPtr,
                                  kCCKeySizeAES256,
                                  NULL,
                                  [self bytes],
                                  dataLength,
                                  buffer,
                                  bufferSize, 
                                  &numBytesEncrypted);

    if (cryptStatus == kCCSuccess)
    {

        return [NSData dataWithBytesNoCopy:buffer length:numBytesEncrypted];
    }

    free(buffer);
    return nil;
}

This is my hash key generation function. This function returns the same key on Android and iOS.

    int dkLen = 16;
    NSData *keyData = [hash_key dataUsingEncoding:NSUTF8StringEncoding];
    NSData *salt    = [saltKey dataUsingEncoding:NSUTF8StringEncoding];
    uint    rounds  = 1000;
    uint    keySize = kCCKeySizeAES128;

    NSMutableData *derivedKey = [NSMutableData dataWithLength:keySize];

    CCKeyDerivationPBKDF(kCCPBKDF2,               // algorithm
                         keyData.bytes,           // password
                         keyData.length,          // passwordLength
                         salt.bytes,              // salt
                         salt.length,             // saltLen
                         kCCPRFHmacAlgSHA1,       // PRF
                         rounds,                  // rounds
                         derivedKey.mutableBytes, // derivedKey
                         dkLen);                  // derivedKeyLen, in bytes (must not exceed the buffer)
    return derivedKey;

I am getting different output. What am I doing wrong? Please help me find out.

zap*_*aph 5

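One problem is that the Java code uses CBC mode and the iOS code uses ECB mode.

Next, from the referenced project:
//result= yHbhApwTpQ2ZhE97AKF/g==
is invalid Base64; it does not contain a multiple of 4 bytes.

With these options: CBC, PKCS#7 padding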

inputs:  
   data in: "hello" which will be null padded to the block length of 16-bytes  
   key:  
      base64: VQQhu+dUdqXGoE7RZL2JWg==  
      hex: 550421bbe75476a5c6a04ed164bd895a  
   iv:   
      base64: VQQhu+dUdqXGoE7RZL2JWg==  
      hex: 550421bbe75476a5c6a04ed164bd895a  
encrypted output:  
   hex: ff21db840a704e943666113dec0285fe  
   base64: /yHbhApwTpQ2ZhE97AKF/g==  

Here is the test code:

NSString *base64Key  = @"VQQhu+dUdqXGoE7RZL2JWg==";
NSString *dataString = @"hello";

NSData *key  = [[NSData alloc] initWithBase64EncodedString:base64Key  options:0];
NSData *data = [dataString dataUsingEncoding:NSUTF8StringEncoding];

NSLog(@"key:  %@", key);
NSLog(@"data: %@", data);

NSData *encryptedData = [TestClass crypt:data
                                 iv:key
                                key:key
                            context:kCCEncrypt];

NSLog(@"encryptedData: %@", encryptedData);
NSString *encryptedBase64Data = [encryptedData base64EncodedStringWithOptions:0];
NSLog(@"encryptedBase64Data: %@", encryptedBase64Data);

Here is the encryption method (in the class TestClass):

+ (NSData *)crypt:(NSData *)dataIn
                  iv:(NSData *)iv
                 key:(NSData *)symmetricKey
             context:(CCOperation)encryptOrDecrypt
{
    CCCryptorStatus ccStatus   = kCCSuccess;
    size_t          cryptBytes = 0;    // Number of bytes moved to buffer.
    NSMutableData  *dataOut    = [NSMutableData dataWithLength:dataIn.length + kCCBlockSizeAES128];

    ccStatus = CCCrypt( encryptOrDecrypt,
                       kCCAlgorithmAES128,
                       kCCOptionPKCS7Padding,
                       symmetricKey.bytes,
                       kCCKeySizeAES128,
                       iv.bytes,
                       dataIn.bytes,
                       dataIn.length,
                       dataOut.mutableBytes,
                       dataOut.length,
                       &cryptBytes);

    if (ccStatus != kCCSuccess) {
        NSLog(@"CCCrypt status: %d", ccStatus);
    }

    dataOut.length = cryptBytes;

    return dataOut;
}

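Note: I keep encryption and data conversion separate. Mixing them up just makes testing more complicated.

If an online encryption implementation is used, the padding may not be PKCS#7, because mcrypt does not support it and instead performs non-standard null padding. Since the padding bytes are just the count of padding bytes, the padding can be simulated in the input. Here is an example using AES - Symmetric Ciphers Online

Note that PKCS#7 padding of "hello" to the 16-byte block size adds 11 bytes of the uint8 value 11, or 0x0B: 68656c6c6f0B0B0B0B0B0B0B0B0B0B0B.

Finally, the question remains: why does the Java code not produce this result?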
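The PKCS#7 padding rule described in the answer above, as an added example in C that is not part of the original post (the function names and `AES_BLOCK` are this example's own). It pads "hello" to the byte string quoted in the answer, puts null padding beside it, and validates the padding on removal, including the case where the input already fills a block.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AES_BLOCK 16  /* AES block size in bytes, for every key size */

/* PKCS#7: always append n bytes of value n, 1 <= n <= AES_BLOCK.
   out must hold len + AES_BLOCK bytes. Returns the padded length. */
size_t pkcs7_pad(const uint8_t *in, size_t len, uint8_t *out)
{
    uint8_t n = (uint8_t)(AES_BLOCK - len % AES_BLOCK);
    memcpy(out, in, len);
    memset(out + len, n, n);
    return len + n;
}

/* Null padding: fill with 0x00 up to the block boundary; adds nothing when
   len is already a multiple of the block, so the original length is lost. */
size_t zero_pad(const uint8_t *in, size_t len, uint8_t *out)
{
    size_t padded = (len + AES_BLOCK - 1) / AES_BLOCK * AES_BLOCK;
    memcpy(out, in, len);
    memset(out + len, 0, padded - len);
    return padded;
}

/* Validate and strip PKCS#7 padding. Returns the plaintext length, or -1 when
   the buffer is not block-aligned or the padding bytes are inconsistent. */
long pkcs7_unpad(const uint8_t *buf, size_t len)
{
    if (len == 0 || len % AES_BLOCK != 0) return -1;
    uint8_t n = buf[len - 1];
    if (n == 0 || n > AES_BLOCK) return -1;
    for (size_t i = len - n; i < len; i++)
        if (buf[i] != n) return -1;
    return (long)(len - n);
}

int main(void)
{
    uint8_t out[2 * AES_BLOCK];
    size_t n = pkcs7_pad((const uint8_t *)"hello", 5, out);
    for (size_t i = 0; i < n; i++) printf("%02x", out[i]);
    printf("\n");
    return 0;
}
```

A 16-byte input gains a full extra block under PKCS#7, which is why the output buffers in the code above are sized `dataLength + kCCBlockSizeAES128`.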