AES CBC PKCS5Padding with SecretKey 从 Java 到 Php

AES CBC PKCS5Padding with SecretKey from Java to Php

我需要将此代码从 Java 转换为 PHP:

我知道我应该将 iv 和 SALT 从字节转换为字符串,因为 PHP 需要

$td = mcrypt_module_open('rijndael-128', '', 'cbc', $iv_array_string);

String password = "mypass";
String encoding = "UTF-8";
String cleanString = "text to encode";

byte[] salt_array = {(byte) 0x98, (byte) 0x71, (byte) 0x1F, (byte) 0x71, (byte) 0x5D, (byte) 0x71, (byte) 0x28, (byte) 0x8F};

//Key
KeySpec keySpec = new PBEKeySpec(password.toCharArray(), salt_array, 16, 128);
SecretKey tmp = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(keySpec);
SecretKey key = new SecretKeySpec(tmp.getEncoded(), "AES");

//ciphers
byte[] iv_array = {(byte) 0x98, (byte) 0x71, (byte) 0xF3, (byte) 0x52, (byte) 0x1A, (byte) 0x71, (byte) 0x38, (byte) 0x1F, (byte) 0x75, (byte) 0x1F, (byte) 0x1F, (byte) 0xE0, (byte) 0xEF, (byte) 0x39, (byte) 0x98, (byte) 0x1F};
Cipher encChiper = Cipher.getInstance("AES/CBC/PKCS5Padding");
AlgorithmParameterSpec params = new iv_arrayParameterSpec(iv_array);
encChiper.init(Cipher.ENCRYPT_MODE, key, params);
byte[] crypted = encChiper.doFinal(cleanString.getBytes(encoding));
//output encoded
String base64Crypted = new String(Base64.encodeBase64(crypted), encoding);

这是一个可能的解决方案。在 PHP <5.5 中你必须使用 pbkdf2() 函数(php 框架 api 中没有提供)。 PHP >=5.5 具有函数 hash_pbkdf2(..)

<?php
     class CbcCrypt {

           private $iterations = 16;
           private $key_lenght = 16;
           private $password = "password";
           //parametro utilizzato da key per generare la chiave
           private $salt = array(0xA7, 0x71, 0x1F, 0xF5, 0x5D, 0xD2, 0x28, 0x8F);
           //parametro utilizzato dall'algoritmo per il cript
           private $iv = array(0xCB, 0x35, 0xF3, 0x52, 0x1A, 0xF7, 0x38, 0x0B, 0x75, 0x03, 0x8E, 0xE0, 0xEF, 0x39, 0x98, 0xC7);

           public function encrypt($data) {
               $ivStr = implode(array_map("chr", $this->iv));
               $saltStr = implode(array_map("chr", $this->salt));
               //key generator
               //$hash = hash_pbkdf2("sha1", $this->password, $saltStr, $this->iterations, $this->key_lenght, true);
               $hash = $this->pbkdf2($this->password, $saltStr, "sha1", $this->iterations, $this->key_lenght, true);
               $td = mcrypt_module_open('rijndael-128', '', 'cbc', $ivStr);
               //aggiunta del padding
               $toEncryptStrPadded = $this->pkcs5_pad($data);
               mcrypt_generic_init($td, $hash, $ivStr);
               $encrypted = mcrypt_generic($td, $toEncryptStrPadded);
               //print_r('base64 enc: ' . base64_encode($encrypted));
               mcrypt_generic_deinit($td);
               mcrypt_module_close($td);
               return base64_encode($encrypted);
           }

           function pbkdf2($password, $salt, $algorithm = 'sha512', $count = 20000, $key_length = 128, $raw_output = false) {
               if (!in_array($algorithm, hash_algos(), true)) {
                   exit;
               }
           if ($count <= 0 || $key_length <= 0) {
               $count = 20000;
               $key_length = 128;
           }

           $hash_length = strlen(hash($algorithm, "", true));
           $block_count = ceil($key_length / $hash_length);

           $output = "";
           for ($i = 1; $i <= $block_count; $i++) {
               $last = $salt . pack("N", $i);
               $last = $xorsum = hash_hmac($algorithm, $last, $password, true);
               for ($j = 1; $j < $count; $j++) {
                   $xorsum ^= ($last = hash_hmac($algorithm, $last, $password, true));
               }
               $output .= $xorsum;
           }

           if ($raw_output) {
               return substr( $output, 0, $key_length );
           } else {
               return base64_encode(substr( $output, 0, $key_length ));
           }
       }

       function pkcs5_pad($text) {
           $blocksize = 16;
           $pad = $blocksize - (strlen( $text ) % $blocksize);
    }
}
?>

让我知道是否可以。