Crypto++ AES 与标准 fips197 不匹配
Crypto++ AES does not match standard fips197
我正在编写一个基于 crypto++ 库的 class。
class 这是一种使用 AES 算法对数据进行编码和解码的简单方法。
这是我的代码:
class AESEncryption
{
public:
static std::string decrypt(const std::string& data, const std::string& password);
static std::string encrypt(const std::string& data, const std::string& password);
};
std::string AESEncryption::encrypt(const std::string& data, const std::string& password)
{
std::vector<CryptoPP::byte> key(password.begin(), password.end());
std::string result;
CryptoPP::ECB_Mode<CryptoPP::AES>::Encryption encryption;
encryption.SetKey(key.data(), key.size());
CryptoPP::StringSource(data, true, new CryptoPP::StreamTransformationFilter(encryption, new CryptoPP::StringSink(result)));
return result;
}
std::string AESEncryption::decrypt(const std::string& data, const std::string& password)
{
std::vector<CryptoPP::byte> key(password.begin(), password.end());
std::string result;
CryptoPP::ECB_Mode<CryptoPP::AES>::Decryption decryption;
decryption.SetKey(key.data(), key.size());
CryptoPP::StringSource(data, true, new CryptoPP::StreamTransformationFilter(decryption, new CryptoPP::StringSink(result)));
return result;
}
我开始使用标准 fips197(第 46 页)
中的样本测试我的 class
这里是我的测试代码:
namespace
{
QByteArray key(QByteArray::fromHex("000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"));
QByteArray plainText(QByteArray::fromHex("00112233445566778899AABBCCDDEEFF"));
QByteArray result(QByteArray::fromHex("8EA2B7CA516745BFEAFC49904B496089"));
}
TEST(AESEncrypt, Valid)
{
std::string key_str(key.begin(), key.end());
std::string paintText_str(plainText.begin(), plainText.end());
std::string expected_result(result.begin(), result.end());
auto result = AESEncryption::encrypt(paintText_str, key_str);
EXPECT_EQ(result, expected_result);
auto decrypt = AESEncryption::decrypt(result, key_str);
EXPECT_EQ(decrypt, paintText_str);
}
我得到了下一个结果:
Expected equality of these values:
result
Which is: "\x8E\xA2\xB7\xCAQgE\xBF\xEA\xFCI\x90KI`\x89\x9F;u\x4\x92o\x8B\xD3n1\x18\xE9\x3\xA4\xCDJ"
expected_result
Which is: "\x8E\xA2\xB7\xCAQgE\xBF\xEA\xFCI\x90KI`\x89"
我得到了无用的数据:
\x9F;u\x4\x92o\x8B\xD3n1\x18\xE9\x3\xA4\xCDJ
如何解决?加密符合标准我能做什么?
Expected equality of these values:
result
Which is: "\x8E\xA2\xB7\xCAQgE\xBF\xEA\xFCI\x90KI`\x89\x9F;u\x4\x92o\x8B\xD3n1\x18\xE9\x3\xA4\xCDJ"
expected_result
Which is: "\x8E\xA2\xB7\xCAQgE\xBF\xEA\xFCI\x90KI`\x89"
How to fix it? What can I do which it encryption matches standard?
提供的 FIPS 197 ECB 模式测试没有填充。但是,下面的代码使用 PKCS 填充,由于填充,这将增加额外的 16 个字节:
StringSource(data, true, new StreamTransformationFilter(encryption, new StringSink(result)));
更准确地说,ECB模式默认使用DEFAULT_PADDING,ECB模式和CBC模式是PKCS_PADDING。我认为您应该改用 NO_PADDING:
StringSource(data, true, new StreamTransformationFilter(encryption, new StringSink(result), NO_PADDING));
另请参阅 StreamTransformationFilter 的文档。这是您正在使用的过滤器发生的情况:
StreamTransformationFilter (
StreamTransformation &c,
BufferedTransformation *attachment=NULL,
BlockPaddingScheme padding=DEFAULT_PADDING)
关于"Crypto++ AES does not match standard fips197",您可以使用以下内容使用 FIPS 197 测试向量(除了 SP800-38)来测试库:
$ ./cryptest.exe tv aes
Using seed: 1544068124
Testing SymmetricCipher algorithm AES/ECB.
....
Testing SymmetricCipher algorithm AES/CBC.
........
Testing SymmetricCipher algorithm AES/CFB.
.......
Testing SymmetricCipher algorithm AES/OFB.
....
Testing SymmetricCipher algorithm AES/CTR.
.............
我正在编写一个基于 crypto++ 库的 class。 class 这是一种使用 AES 算法对数据进行编码和解码的简单方法。 这是我的代码:
class AESEncryption
{
public:
static std::string decrypt(const std::string& data, const std::string& password);
static std::string encrypt(const std::string& data, const std::string& password);
};
std::string AESEncryption::encrypt(const std::string& data, const std::string& password)
{
std::vector<CryptoPP::byte> key(password.begin(), password.end());
std::string result;
CryptoPP::ECB_Mode<CryptoPP::AES>::Encryption encryption;
encryption.SetKey(key.data(), key.size());
CryptoPP::StringSource(data, true, new CryptoPP::StreamTransformationFilter(encryption, new CryptoPP::StringSink(result)));
return result;
}
std::string AESEncryption::decrypt(const std::string& data, const std::string& password)
{
std::vector<CryptoPP::byte> key(password.begin(), password.end());
std::string result;
CryptoPP::ECB_Mode<CryptoPP::AES>::Decryption decryption;
decryption.SetKey(key.data(), key.size());
CryptoPP::StringSource(data, true, new CryptoPP::StreamTransformationFilter(decryption, new CryptoPP::StringSink(result)));
return result;
}
我开始使用标准 fips197(第 46 页)
中的样本测试我的 class这里是我的测试代码:
namespace
{
QByteArray key(QByteArray::fromHex("000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"));
QByteArray plainText(QByteArray::fromHex("00112233445566778899AABBCCDDEEFF"));
QByteArray result(QByteArray::fromHex("8EA2B7CA516745BFEAFC49904B496089"));
}
TEST(AESEncrypt, Valid)
{
std::string key_str(key.begin(), key.end());
std::string paintText_str(plainText.begin(), plainText.end());
std::string expected_result(result.begin(), result.end());
auto result = AESEncryption::encrypt(paintText_str, key_str);
EXPECT_EQ(result, expected_result);
auto decrypt = AESEncryption::decrypt(result, key_str);
EXPECT_EQ(decrypt, paintText_str);
}
我得到了下一个结果:
Expected equality of these values:
result
Which is: "\x8E\xA2\xB7\xCAQgE\xBF\xEA\xFCI\x90KI`\x89\x9F;u\x4\x92o\x8B\xD3n1\x18\xE9\x3\xA4\xCDJ"
expected_result
Which is: "\x8E\xA2\xB7\xCAQgE\xBF\xEA\xFCI\x90KI`\x89"
我得到了无用的数据:
\x9F;u\x4\x92o\x8B\xD3n1\x18\xE9\x3\xA4\xCDJ
如何解决?加密符合标准我能做什么?
Expected equality of these values: result Which is: "\x8E\xA2\xB7\xCAQgE\xBF\xEA\xFCI\x90KI`\x89\x9F;u\x4\x92o\x8B\xD3n1\x18\xE9\x3\xA4\xCDJ" expected_result Which is: "\x8E\xA2\xB7\xCAQgE\xBF\xEA\xFCI\x90KI`\x89"How to fix it? What can I do which it encryption matches standard?
提供的 FIPS 197 ECB 模式测试没有填充。但是,下面的代码使用 PKCS 填充,由于填充,这将增加额外的 16 个字节:
StringSource(data, true, new StreamTransformationFilter(encryption, new StringSink(result)));
更准确地说,ECB模式默认使用DEFAULT_PADDING,ECB模式和CBC模式是PKCS_PADDING。我认为您应该改用 NO_PADDING:
StringSource(data, true, new StreamTransformationFilter(encryption, new StringSink(result), NO_PADDING));
另请参阅 StreamTransformationFilter 的文档。这是您正在使用的过滤器发生的情况:
StreamTransformationFilter (
StreamTransformation &c,
BufferedTransformation *attachment=NULL,
BlockPaddingScheme padding=DEFAULT_PADDING)
关于"Crypto++ AES does not match standard fips197",您可以使用以下内容使用 FIPS 197 测试向量(除了 SP800-38)来测试库:
$ ./cryptest.exe tv aes
Using seed: 1544068124
Testing SymmetricCipher algorithm AES/ECB.
....
Testing SymmetricCipher algorithm AES/CBC.
........
Testing SymmetricCipher algorithm AES/CFB.
.......
Testing SymmetricCipher algorithm AES/OFB.
....
Testing SymmetricCipher algorithm AES/CTR.
.............