Python AES 加密提供与原始 C# 代码不同的结果
Python AES encryption furnishing different result from originating C# code
C# 代码使用 AES 来加密字节数组。
我已经使用 PyCryptodome 编写了一个 Python 程序来做同样的事情,但是当我使用 C# 代码时,加密的字节总是与结果不同,我确保:
- 在两者中将 IV 设置为相同的值(仅用于测试目的)
- 确保两者的密钥相同
- 确保原始数据相同
我正在加密的内容:一个字节数组。这些字节主要代表 TLD 格式的数据。
Python 程序将成为实用程序的一部分,该实用程序将动态生成流,这些流将由用 C# 编写的 Web 应用程序处理。
使用 http://aes.online-domain-tools.com,我实际上可以解密 C# 代码生成的字节并验证它使用的是 AES,并且原始数据是正确的。
问题是:还有什么可能是区分因素?
Python 片段:
from Crypto.Cipher import AES
from Crypto import Random
from Crypto.Util.Padding import pad
**** Correction ***
aes_cipher = AES.new(bytes(key, 'UTF-8'), AES.MODE_CBC)
#
# Correct, the above call would use a random IV value.
# For debugging & learning purpose, I halted this in the
# debugger and manually set
# aes_cipher.IV = <a given value>
# and used the same IV in the C# code to try and keep all known inputs identical.
#
aes_cipher.block_size = 128
aes_cipher.key_size = 128 # bits
encrypted_pack = aes_cipher.encrypt(pad(pack, 16))
# Tack on to the beginning the 16 bytes of the "IV"
# FYI - the C# decryption function strips off the first 16 IV bytes
encrypted_pack = aes_cipher.IV + encrypted_pack
return encrypted_pack
C# 片段
AesCipher = new RijndaelManaged();
AesCipher.KeySize = 128; // 192, 256
// BlockSize: 128-bit == 16 bytes.
// 128-bit is the default for RijndaelManaged
AesCipher.BlockSize = 128;
AesCipher.Mode = CipherMode.CBC;
AesCipher.Padding = PaddingMode.Zeros;
...
...
#
# Yes, GenerateIV() generates a random IV.
# As mentioned above, I overrode this by setting
# AesCipher.IV = <the same value as above>
#
AesCipher.GenerateIV();
setKey(key); // converts a string of decimal digits to string of hex digits
ICryptoTransform transform = AesCipher.CreateEncryptor();
byte[] encrypted = transform.TransformFinalBlock(buf, 0, buf.Length);
byte[] result = new byte[encrypted.Length + 16];
Buffer.BlockCopy(AesCipher.IV, 0, result, 0, 16);
Buffer.BlockCopy(encrypted, 0, result, 16, encrypted.Length);
return result;
***
Update
***
There was another problem that I just discovered and fixed.
The key was being saved as a 32-byte rather than 16-byte bytearray, which would explain the gigantic discrepancy from online tool results.
Solved easiy with
```byte_key = binascii.unhexlify(key)
Once I did that, the returned by both pieces of code matched, and they matched what was in the online tool, too.
Sneaky because in the debugger, it's easy to miss because the values look the same.
AesCipher.GenerateIV() 正在生成随机 IV,如果我没记错的话。这不同于
set the IV to the same value in both (just for test purpose)
而Crypto.Util.Padding.pad的默认padding是
style (string) – Padding algorithm. It can be ‘pkcs7’ (default), ‘iso7816’ or ‘x923’.
不同于:
AesCipher.Padding = PaddingMode.Zeros;
完全可用的 C# 和 Python 个示例:
public static byte[] SimpleEncryptAesVariableLengthCbcZeros(string key, byte[] iv, byte[] plain)
{
byte[] key2 = Encoding.UTF8.GetBytes(key);
if (key.Length == 0 || key.Length > 32)
{
throw new ApplicationException("Illegal length for key");
}
int keySize = key2.Length <= 16 ? 128 : key2.Length <= 24 ? 192 : 256;
using (var aesCipher = new RijndaelManaged())
{
aesCipher.KeySize = keySize;
// BlockSize: 128-bit == 16 bytes.
// 128-bit is the default for RijndaelManaged
aesCipher.BlockSize = 128;
aesCipher.Mode = CipherMode.CBC;
aesCipher.Padding = PaddingMode.Zeros;
if (iv == null)
{
// IV as calculated by http://aes.online-domain-tools.com/
// SHA1(key) truncated to 16 bytes
iv = SHA1.HashData(key2);
Array.Resize(ref iv, aesCipher.BlockSize / 8);
}
else if (iv.Length != aesCipher.BlockSize / 8)
{
throw new ApplicationException("Illegal length for IV");
}
aesCipher.IV = iv;
// Key is padded with bytes set to 0
Array.Resize(ref key2, aesCipher.KeySize / 8);
aesCipher.Key = key2;
using (var encryptor = aesCipher.CreateEncryptor())
{
var encrypted = encryptor.TransformFinalBlock(plain, 0, plain.Length);
var iv_encrypted = new byte[iv.Length + encrypted.Length];
Array.Copy(iv, 0, iv_encrypted, 0, iv.Length);
Array.Copy(encrypted, 0, iv_encrypted, iv.Length, encrypted.Length);
return iv_encrypted;
}
}
}
//
public static byte[] StringToByteArray(string hex)
{
hex = hex.Replace(" ", string.Empty);
byte[] bytes = new byte[hex.Length / 2];
for (int i = 0; i < hex.Length; i += 2)
{
bytes[i / 2] = Convert.ToByte(hex.Substring(i, 2), 16);
}
return bytes;
}
public static string ByteArrayToString(byte[] bytes, string join)
{
string res = string.Join(join, Array.ConvertAll(bytes, x => x.ToString("x2")));
return res;
}
static void Main(string[] args)
{
string key = "abcdefghabcdefghabcdefghabcdefgh";
byte[] plain = StringToByteArray("0000000000000000000000000000000001");
var res = SimpleEncryptAesVariableLengthCbcZeros(key, null, plain);
var res2 = ByteArrayToString(res, " ");
Console.WriteLine(res2);
}
and(请注意,这可能是我一生中第二次或第三次写 Python,所以我不太确定它的质量,当然它没有优化):
from Crypto.Cipher import AES
from Crypto import Random
import hashlib
#from Crypto.Util.Padding import pad
#key must be string
#iv must be bytes or None
#plain must be bytes
def SimpleEncryptAesVariableLengthCbcZeros(key, iv, plain):
key2 = bytes(key, 'UTF-8')
if len(key2) == 0 or len(key2) > 32:
raise Exception('Illegal length for key')
keySize = 128 if len(key2) <= 16 else 192 if len(key2) <= 24 else 256
if iv == None:
#IV as calculated by http://aes.online-domain-tools.com/
#SHA1(key) truncated to 16 bytes
h = hashlib.sha1()
h.update(key2)
iv = h.digest()
iv = iv[0:16]
elif len(iv) != 128 // 8:
raise Exception('Illegal length for iv')
#Key is padded with bytes set to 0
key2 = key2 + b'[=12=]' * (keySize // 8 - len(key2))
aes_cipher = AES.new(key2, AES.MODE_CBC, iv)
aes_cipher.key_size = keySize
aes_cipher.block_size = 128
padded = plain
#zero padding
if len(padded) % 16 != 0:
padded = padded + b'[=12=]' * (16 - len(padded) % 16)
encrypted = aes_cipher.encrypt(bytes(padded))
iv_encrypted = iv + encrypted
return iv_encrypted
key = 'abcdefghabcdefghabcdefghabcdefgh'
plain = bytearray.fromhex('0000000000000000000000000000000001')
iv_encrypted = SimpleEncryptAesVariableLengthCbcZeros(key, None, plain)
print(' '.join(["{:02x}".format(x) for x in iv_encrypted]))
C# 代码使用 AES 来加密字节数组。
我已经使用 PyCryptodome 编写了一个 Python 程序来做同样的事情,但是当我使用 C# 代码时,加密的字节总是与结果不同,我确保:
- 在两者中将 IV 设置为相同的值(仅用于测试目的)
- 确保两者的密钥相同
- 确保原始数据相同
我正在加密的内容:一个字节数组。这些字节主要代表 TLD 格式的数据。
Python 程序将成为实用程序的一部分,该实用程序将动态生成流,这些流将由用 C# 编写的 Web 应用程序处理。
使用 http://aes.online-domain-tools.com,我实际上可以解密 C# 代码生成的字节并验证它使用的是 AES,并且原始数据是正确的。
问题是:还有什么可能是区分因素?
Python 片段:
from Crypto.Cipher import AES
from Crypto import Random
from Crypto.Util.Padding import pad
**** Correction ***
aes_cipher = AES.new(bytes(key, 'UTF-8'), AES.MODE_CBC)
#
# Correct, the above call would use a random IV value.
# For debugging & learning purpose, I halted this in the
# debugger and manually set
# aes_cipher.IV = <a given value>
# and used the same IV in the C# code to try and keep all known inputs identical.
#
aes_cipher.block_size = 128
aes_cipher.key_size = 128 # bits
encrypted_pack = aes_cipher.encrypt(pad(pack, 16))
# Tack on to the beginning the 16 bytes of the "IV"
# FYI - the C# decryption function strips off the first 16 IV bytes
encrypted_pack = aes_cipher.IV + encrypted_pack
return encrypted_pack
C# 片段
AesCipher = new RijndaelManaged();
AesCipher.KeySize = 128; // 192, 256
// BlockSize: 128-bit == 16 bytes.
// 128-bit is the default for RijndaelManaged
AesCipher.BlockSize = 128;
AesCipher.Mode = CipherMode.CBC;
AesCipher.Padding = PaddingMode.Zeros;
...
...
#
# Yes, GenerateIV() generates a random IV.
# As mentioned above, I overrode this by setting
# AesCipher.IV = <the same value as above>
#
AesCipher.GenerateIV();
setKey(key); // converts a string of decimal digits to string of hex digits
ICryptoTransform transform = AesCipher.CreateEncryptor();
byte[] encrypted = transform.TransformFinalBlock(buf, 0, buf.Length);
byte[] result = new byte[encrypted.Length + 16];
Buffer.BlockCopy(AesCipher.IV, 0, result, 0, 16);
Buffer.BlockCopy(encrypted, 0, result, 16, encrypted.Length);
return result;
***
Update
***
There was another problem that I just discovered and fixed.
The key was being saved as a 32-byte rather than 16-byte bytearray, which would explain the gigantic discrepancy from online tool results.
Solved easiy with
```byte_key = binascii.unhexlify(key)
Once I did that, the returned by both pieces of code matched, and they matched what was in the online tool, too.
Sneaky because in the debugger, it's easy to miss because the values look the same.
AesCipher.GenerateIV() 正在生成随机 IV,如果我没记错的话。这不同于
set the IV to the same value in both (just for test purpose)
而Crypto.Util.Padding.pad的默认padding是
style (string) – Padding algorithm. It can be ‘pkcs7’ (default), ‘iso7816’ or ‘x923’.
不同于:
AesCipher.Padding = PaddingMode.Zeros;
完全可用的 C# 和 Python 个示例:
public static byte[] SimpleEncryptAesVariableLengthCbcZeros(string key, byte[] iv, byte[] plain)
{
byte[] key2 = Encoding.UTF8.GetBytes(key);
if (key.Length == 0 || key.Length > 32)
{
throw new ApplicationException("Illegal length for key");
}
int keySize = key2.Length <= 16 ? 128 : key2.Length <= 24 ? 192 : 256;
using (var aesCipher = new RijndaelManaged())
{
aesCipher.KeySize = keySize;
// BlockSize: 128-bit == 16 bytes.
// 128-bit is the default for RijndaelManaged
aesCipher.BlockSize = 128;
aesCipher.Mode = CipherMode.CBC;
aesCipher.Padding = PaddingMode.Zeros;
if (iv == null)
{
// IV as calculated by http://aes.online-domain-tools.com/
// SHA1(key) truncated to 16 bytes
iv = SHA1.HashData(key2);
Array.Resize(ref iv, aesCipher.BlockSize / 8);
}
else if (iv.Length != aesCipher.BlockSize / 8)
{
throw new ApplicationException("Illegal length for IV");
}
aesCipher.IV = iv;
// Key is padded with bytes set to 0
Array.Resize(ref key2, aesCipher.KeySize / 8);
aesCipher.Key = key2;
using (var encryptor = aesCipher.CreateEncryptor())
{
var encrypted = encryptor.TransformFinalBlock(plain, 0, plain.Length);
var iv_encrypted = new byte[iv.Length + encrypted.Length];
Array.Copy(iv, 0, iv_encrypted, 0, iv.Length);
Array.Copy(encrypted, 0, iv_encrypted, iv.Length, encrypted.Length);
return iv_encrypted;
}
}
}
//
public static byte[] StringToByteArray(string hex)
{
hex = hex.Replace(" ", string.Empty);
byte[] bytes = new byte[hex.Length / 2];
for (int i = 0; i < hex.Length; i += 2)
{
bytes[i / 2] = Convert.ToByte(hex.Substring(i, 2), 16);
}
return bytes;
}
public static string ByteArrayToString(byte[] bytes, string join)
{
string res = string.Join(join, Array.ConvertAll(bytes, x => x.ToString("x2")));
return res;
}
static void Main(string[] args)
{
string key = "abcdefghabcdefghabcdefghabcdefgh";
byte[] plain = StringToByteArray("0000000000000000000000000000000001");
var res = SimpleEncryptAesVariableLengthCbcZeros(key, null, plain);
var res2 = ByteArrayToString(res, " ");
Console.WriteLine(res2);
}
and(请注意,这可能是我一生中第二次或第三次写 Python,所以我不太确定它的质量,当然它没有优化):
from Crypto.Cipher import AES
from Crypto import Random
import hashlib
#from Crypto.Util.Padding import pad
#key must be string
#iv must be bytes or None
#plain must be bytes
def SimpleEncryptAesVariableLengthCbcZeros(key, iv, plain):
key2 = bytes(key, 'UTF-8')
if len(key2) == 0 or len(key2) > 32:
raise Exception('Illegal length for key')
keySize = 128 if len(key2) <= 16 else 192 if len(key2) <= 24 else 256
if iv == None:
#IV as calculated by http://aes.online-domain-tools.com/
#SHA1(key) truncated to 16 bytes
h = hashlib.sha1()
h.update(key2)
iv = h.digest()
iv = iv[0:16]
elif len(iv) != 128 // 8:
raise Exception('Illegal length for iv')
#Key is padded with bytes set to 0
key2 = key2 + b'[=12=]' * (keySize // 8 - len(key2))
aes_cipher = AES.new(key2, AES.MODE_CBC, iv)
aes_cipher.key_size = keySize
aes_cipher.block_size = 128
padded = plain
#zero padding
if len(padded) % 16 != 0:
padded = padded + b'[=12=]' * (16 - len(padded) % 16)
encrypted = aes_cipher.encrypt(bytes(padded))
iv_encrypted = iv + encrypted
return iv_encrypted
key = 'abcdefghabcdefghabcdefghabcdefgh'
plain = bytearray.fromhex('0000000000000000000000000000000001')
iv_encrypted = SimpleEncryptAesVariableLengthCbcZeros(key, None, plain)
print(' '.join(["{:02x}".format(x) for x in iv_encrypted]))