OpenSSL上的EVP_DecryptFinal_ex错误

Question

我正在使用OpenSSL EVP例程来使用AES 128 cbc模式进行解密.

我使用NIST网站上指定的测试向量来测试我的程序.

该程序似乎在EVP_DecryptFinal_ex例程中失败.

请问有谁请告诉我这是什么问题？

另外我如何在此处进行错误检查以找出此例程失败的原因？

更新:

请检查以下代码.我添加了加密和解密部分.加密有效.但是在解密过程中,虽然两者的匹配结果,但密码的十六进制值似乎是80字节而不是预期的64字节(在NIST中提到),尽管解密有效并且解密的文本与明文匹配!有人可以澄清一下吗？

预期的密文值应为:

cipher: 0000 76 49 ab ac 81 19 b2 46 ce e9 8e 9b 12 e9 19 7d 
    0010 50 86 cb 9b 50 72 19 ee 95 db 11 3a 91 76 78 b2 
    0020 73 be d6 b8 e3 c1 74 3b 71 16 e6 9e 22 22 95 16 
    0030 3f f1 ca a1 68 1f ac 09 12 0e ca 30 75 86 e1 a7

这是代码:

#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <openssl/evp.h>

int AES_BLOCK_SIZE;

int main(int argc, char **argv)
{

    EVP_CIPHER_CTX en;
    EVP_CIPHER_CTX de;
    EVP_CIPHER_CTX_init(&en);
    EVP_CIPHER_CTX_init(&de);
    const EVP_CIPHER *cipher_type;
    unsigned char *mode;
    unsigned char *passkey, *passiv, *plaintxt;
    int vector_len = 0;
    char *plain;
    char *plaintext;
    unsigned char *ciphertext;
    int olen, len;
    int i =0;

    //NIST VALUES TO CHECK

    unsigned char iv[]  =
    {   0x00, 0x01, 0x02, 0x03,
        0x04, 0x05, 0x06, 0x07,
        0x08, 0x09, 0x0a, 0x0b,
        0x0c, 0x0d, 0x0e, 0x0f,  0 };

    unsigned char key[] =
    {   0x2b, 0x7e, 0x15, 0x16,
        0x28, 0xae, 0xd2, 0xa6,
        0xab, 0xf7, 0x15, 0x88,
        0x09, 0xcf, 0x4f, 0x3c , 0 };

    unsigned char input[] =
    {   0x6b, 0xc1, 0xbe, 0xe2,
        0x2e, 0x40, 0x9f, 0x96,
        0xe9, 0x3d, 0x7e, 0x11,
        0x73, 0x93, 0x17, 0x2a,

        0xae, 0x2d, 0x8a, 0x57,
        0x1e, 0x03, 0xac, 0x9c,
        0x9e, 0xb7, 0x6f, 0xac,
        0x45, 0xaf, 0x8e, 0x51,

        0x30, 0xc8, 0x1c, 0x46,
        0xa3, 0x5c, 0xe4, 0x11,
        0xe5, 0xfb, 0xc1, 0x19,
        0x1a, 0x0a, 0x52, 0xef,

        0xf6, 0x9f, 0x24, 0x45,
        0xdf, 0x4f, 0x9b, 0x17,
        0xad, 0x2b, 0x41, 0x7b,
        0xe6, 0x6c, 0x37, 0x10, 0 };

    printf("AES ALGORITHM FOR 128 bit CBC MODE\n");
    cipher_type = EVP_aes_128_cbc();
    AES_BLOCK_SIZE = 128;
    passkey = key;
    passiv = iv;
    plain = input;

    printf("iv=");
    for(i = 0; i < sizeof iv; i++){
        printf("%02x", iv[i]);
    }
    printf("\n");
    printf("key=");
    for(i = 0; i < sizeof key; i++){
        printf("%02x", key[i]);
    }
    printf("\n");

    printf("Initializing AES ALGORITHM FOR CBC MODE..\n");

    EVP_EncryptInit_ex(&en, cipher_type, NULL, passkey, passiv);

    EVP_DecryptInit_ex(&de, cipher_type, NULL, passkey, passiv);

    olen = len = strlen(input)+1;
    printf("len value before aes_encrypt \"%d\"\n", len);

    int c_len = len + AES_BLOCK_SIZE - 1;
    int f_len = 0;
    ciphertext = (unsigned char *)malloc(c_len);

    if(!EVP_EncryptInit_ex(&en, NULL, NULL, NULL, NULL)){
        printf("ERROR in EVP_EncryptInit_ex \n");
        return NULL;
    }

    if(!EVP_EncryptUpdate(&en, ciphertext, &c_len, plain, len)){
        printf("ERROR in EVP_EncryptUpdate \n");
        return NULL;
    }
    printf("strlen value of ciphertext after update \"%d\"\n", strlen(ciphertext));
    if(!EVP_EncryptFinal_ex(&en, ciphertext+c_len, &f_len)){
        printf("ERROR in EVP_EncryptFinal_ex \n");
        return NULL;
    }
    printf("strlen value of ciphertext after final \"%d\"\n", strlen(ciphertext));
    EVP_CIPHER_CTX_cleanup(&en);

    len = c_len + f_len;
    printf("len value after aes_encrypt \"%d\"\n", len);

    len = strlen(ciphertext);

    printf("strlen value of ciphertext after aes_encrypt \"%d\"\n", len);

    int p_len = len;
    f_len = 0;
    plaintext = (unsigned char *)malloc(p_len);
    //memset(plaintext,0,sizeof(plaintext));
    if(!EVP_DecryptInit_ex(&de, NULL, NULL, NULL, NULL)){
        printf("ERROR in EVP_DecryptInit_ex \n");
        return NULL;
    }
    EVP_CIPHER_CTX_set_padding(&de, 0);

    if(!EVP_DecryptUpdate(&de, plaintext, &p_len, ciphertext, len)){
        printf("ERROR in EVP_DecryptUpdate\n");
        return NULL;
    }

    if(!EVP_DecryptFinal_ex(&de, plaintext+p_len, &f_len)){
        printf("ERROR in EVP_DecryptFinal_ex\n");
        return NULL;
    }
    EVP_CIPHER_CTX_cleanup(&de);
    len = p_len + f_len;
    printf("Decrypted value = %s\n", plaintext);

    printf("len value after aes_decrypt \"%d\"\n", len);


    if (strncmp(plaintext, input, olen))
        printf("FAIL: enc/dec failed for \"%s\"\n", input);
    else
        printf("OK: enc/dec ok for \"%s\"\n", plaintext); // \"%s\"\n

    printf("OK: ciphertext is \"%s\"\n", ciphertext); // \"%s\"\n
    printf("\n");

    unsigned char *s3 = ciphertext;
    printf("s3 =\n");
    int nc = 0;
    while(*s3 != '\0'){
        printf("%02x", *s3);
        s3++;
        nc ++;
        if(nc == 16){
            printf("\n");
            nc = 0;
        }

    }
    printf("\n");
    //printf("nc = %d\n", nc);
    free(ciphertext);
    free(plaintext);

    return 0;
}

Answer 1

就像在加密和解密时需要匹配密钥和IV一样,您还需要匹配填充设置.NIST测试没有填充.以下是OpenSSL 文档的摘录:

EVP_DecryptInit_ex(),EVP_DecryptUpdate()和EVP_DecryptFinal_ex()是相应的解密操作.如果启用填充并且最终块未正确格式化,则 EVP_DecryptFinal()将返回错误代码.参数和限制与加密操作相同,除了如果启用填充,传递给EVP_DecryptUpdate()的解密数据缓冲区应该有足够的空间用于(inl + cipher_block_size)字节,除非密码块大小为1,在这种情况下inl字节是足够.

搜索同一页面的"填充",您将看到该功能EVP_CIPHER_CTX_set_padding:

EVP_CIPHER_CTX_set_padding()启用或禁用填充.默认情况下,使用标准块填充填充加密操作,并在解密时检查和删除填充.如果pad参数为零,则不执行填充,则加密或解密的数据总量必须是块大小的倍数,否则将发生错误.

因此,在您打电话之后EVP_CIPHER_CTX_init和开始解密之前的某个时刻,您需要这样做:

EVP_CIPHER_CTX_set_padding(&de, 0);

Answer 2

要在 OpenSSL 函数失败后显示错误，您可以使用：

ERR_print_errors_fp(stderr);