实施 Php open_ssl_decrypt AES 256 CBC 作为 CryptoJS

Implement Php open_ssl_decrypt AES 256 CBC as CryptoJS

我尝试在 ReactJs(不是 NodeJs)中编写以下代码,但这在 JS 中不起作用。

PHP中的原始代码工作正常:

    function decryptOpensslDigestSHA256Sum($data)
    {
        $key = hash('sha256', 'Nootric2703202'); //My password has 14 characters

        $method = 'AES-256-CBC';

        $data = base64_decode($data);

        $iv_size = openssl_cipher_iv_length($method);

        $salt_header = substr($data, 0, $iv_size);

        if (substr($salt_header, 0, 8) != "Salted__") {
            return "";
        }
        $salt = substr($salt_header, 8);

        $creds = extractOpenSSLCreds($key, $salt, $iv_size);

        $data = openssl_decrypt(substr($data, $iv_size), $method, $creds['password'], OPENSSL_RAW_DATA, $creds['iv']);

        return $data;
    }

    function extractOpenSSLCreds($key, $salt, $iv_size)
    {
        $m = "";
        while (strlen($m) < 48) {
            $m .= hashCryptoDigestSHA256Sum($m, $key, $salt);
        }
        $result = array(
            'password' => substr($m, 0, 32),
            'iv' => substr($m, 32, $iv_size)
        );
        return $result;
    }

    function hashCryptoDigestSHA256Sum($hash, $key, $salt)
    {
        $hash.= $key.$salt;
        $prev = openssl_digest($hash, "sha256", true);
        return $prev;
    }

如果我在 php 中调用这个函数:

$data = "U2FsdGVkX1++7PN6CsF5Bi38t0N3EjXpH5oGpaIZXUwk4T8QCwcATjvA4b/8VaxD8nf/MZhKPnWb1L8raLR4lw==";
echo "Data urlEncoded: $data<br>";
$decryption = decryptOpensslDigestSHA256Sum($data);
echo "Data decrypted: $decryption<br><br>";

这表明: 数据解密:email=abc@xyz.abc&name=&gpw_id=gpwID

但是当我尝试在 JS 中使用这个函数时它不起作用(我在这个 Whosebug 条目上找到的源代码

function CryptoJSAesDecrypt(encrypted){
    // 1. Separate ciphertext and salt
    var encryptedWA = CryptoJS.enc.Base64.parse(encrypted);
    var prefixWA = CryptoJS.lib.WordArray.create(encryptedWA.words.slice(0, 8/4)); // Salted__ prefix

    var saltWA = CryptoJS.lib.WordArray.create(encryptedWA.words.slice(8/4, 16/4));  // 8 bytes salt: 0x0123456789ABCDEF
    var ciphertextWA = CryptoJS.lib.WordArray.create(encryptedWA.words.slice(16/4, encryptedWA.words.length)); // ciphertext        

    // 2. Determine key and IV using PBKDF2
    var password = 'Nootric2703202'
    var keyIvWA = CryptoJS.PBKDF2(
    password, 
    saltWA, 
    {
        keySize: (32+16)/4,          // key and IV
        iterations: 10000,
        hasher: CryptoJS.algo.SHA256
    }
    );
    var keyWA = CryptoJS.lib.WordArray.create(keyIvWA.words.slice(0, 32/4));
    var ivWA = CryptoJS.lib.WordArray.create(keyIvWA.words.slice(32/4, (32+16)/4));

    // 3. Decrypt
    var decryptedWA = CryptoJS.AES.decrypt(
    {ciphertext: ciphertextWA}, 
    keyWA, 
    {iv: ivWA}
    );
    var decrypted = decryptedWA.toString(CryptoJS.enc.Utf8)
    return decrypted;
}

如果我在 JS 中调用最后一个函数:

    const dec = CryptoJSAesDecrypt("U2FsdGVkX1++7PN6CsF5Bi38t0N3EjXpH5oGpaIZXUwk4T8QCwcATjvA4b/8VaxD8nf/MZhKPnWb1L8raLR4lw==");
    console.log("Data Decrypted: " + dec);

这显示为空: 已解密数据:

如果我用这个数据调用:

    const dec = CryptoJSAesDecrypt("U2FsdGVkX18BI0VniavN78vlhR6fryIan0VvUrdIr+YeLkDYhO2xyA+/oVXJj/c35swVVkCqHPh9VdRbNQG6NQ==");
    console.log("Data Decrypted: " + dec);

并且在 Javascript 函数中我替换了这一行:

var password = 'Nootric2703202'

这个:

var password = 'mypassword'

这很好用!但是使用我自己的密码和我的加密数据,这个 JS 解密代码不起作用。 请帮忙?

const dec = CryptoJSAesDecrypt();
console.log("Decrypted: " + dec);

function CryptoJSAesDecrypt(encrypted){
    // 1. Separate ciphertext and salt
    var encrypted = "U2FsdGVkX1++7PN6CsF5Bi38t0N3EjXpH5oGpaIZXUwk4T8QCwcATjvA4b/8VaxD8nf/MZhKPnWb1L8raLR4lw==";
    console.log("Encrypted:", encrypted);

    var encryptedWA = CryptoJS.enc.Base64.parse(encrypted);
    var prefixWA = CryptoJS.lib.WordArray.create(encryptedWA.words.slice(0, 8/4)); // Salted__ prefix

    var saltWA = CryptoJS.lib.WordArray.create(encryptedWA.words.slice(8/4, 16/4)); // 8 bytes salt: 0x0123456789ABCDEF 

    var ciphertextWA = CryptoJS.lib.WordArray.create(encryptedWA.words.slice(16/4, encryptedWA.words.length)); // ciphertext 

    // 2. Determine key and IV using PBKDF2
    var password = 'Nootric2703202'
    var keyIvWA = CryptoJS.PBKDF2(
    password, 
    saltWA, 
    {
        keySize: (32+16)/4,          // key and IV
        iterations: 10000,
        hasher: CryptoJS.algo.SHA256
    }
    );
    var keyWA = CryptoJS.lib.WordArray.create(keyIvWA.words.slice(0, 32/4));
    var ivWA = CryptoJS.lib.WordArray.create(keyIvWA.words.slice(32/4, (32+16)/4));

    // 3. Decrypt
    var decryptedWA = CryptoJS.AES.decrypt(
    {ciphertext: ciphertextWA}, 
    keyWA, 
    {iv: ivWA}
    );
    var decrypted = decryptedWA.toString(CryptoJS.enc.Utf8)
    return decrypted;
}
<script src="https://cdnjs.cloudflare.com/ajax/libs/react/16.6.3/umd/react.production.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/react-dom/16.6.3/umd/react-dom.production.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js"></script>


这是 PHP openssl-decrypt 的源代码(这是一个 openssl.c 文件)PHP openssl.c:

PHP_OPENSSL_API zend_string* php_openssl_decrypt(
    const char *data, size_t data_len,
    const char *method, size_t method_len,
    const char *password, size_t password_len,
    zend_long options,
    const char *iv, size_t iv_len,
    const char *tag, zend_long tag_len,
    const char *aad, size_t aad_len)
{
    const EVP_CIPHER *cipher_type;
    EVP_CIPHER_CTX *cipher_ctx;
    struct php_openssl_cipher_mode mode;
    int i = 0, outlen;
    zend_string *base64_str = NULL;
    bool free_iv = 0, free_password = 0;
    zend_string *outbuf = NULL;

    PHP_OPENSSL_CHECK_SIZE_T_TO_INT_NULL_RETURN(data_len, data);
    PHP_OPENSSL_CHECK_SIZE_T_TO_INT_NULL_RETURN(password_len, password);
    PHP_OPENSSL_CHECK_SIZE_T_TO_INT_NULL_RETURN(aad_len, aad);
    PHP_OPENSSL_CHECK_SIZE_T_TO_INT_NULL_RETURN(tag_len, tag);


    cipher_type = EVP_get_cipherbyname(method);
    if (!cipher_type) {
        php_error_docref(NULL, E_WARNING, "Unknown cipher algorithm");
        return NULL;
    }

    cipher_ctx = EVP_CIPHER_CTX_new();
    if (!cipher_ctx) {
        php_error_docref(NULL, E_WARNING, "Failed to create cipher context");
        return NULL;
    }

    php_openssl_load_cipher_mode(&mode, cipher_type);

    if (!(options & OPENSSL_RAW_DATA)) {
        base64_str = php_base64_decode((unsigned char*)data, data_len);
        if (!base64_str) {
            php_error_docref(NULL, E_WARNING, "Failed to base64 decode the input");
            EVP_CIPHER_CTX_free(cipher_ctx);
            return NULL;
        }
        data_len = ZSTR_LEN(base64_str);
        data = ZSTR_VAL(base64_str);
    }

    if (php_openssl_cipher_init(cipher_type, cipher_ctx, &mode,
                &password, &password_len, &free_password,
                &iv, &iv_len, &free_iv, tag, tag_len, options, 0) == FAILURE ||
            php_openssl_cipher_update(cipher_type, cipher_ctx, &mode, &outbuf, &outlen,
                data, data_len, aad, aad_len, 0) == FAILURE) {
        outbuf = NULL;
    } else if (mode.is_single_run_aead ||
            EVP_DecryptFinal(cipher_ctx, (unsigned char *)ZSTR_VAL(outbuf) + outlen, &i)) {
        outlen += i;
        ZSTR_VAL(outbuf)[outlen] = '[=21=]';
        ZSTR_LEN(outbuf) = outlen;
    } else {
        php_openssl_store_errors();
        zend_string_release_ex(outbuf, 0);
        outbuf = NULL;
    }

    if (free_password) {
        efree((void *) password);
    }
    if (free_iv) {
        efree((void *) iv);
    }
    if (base64_str) {
        zend_string_release_ex(base64_str, 0);
    }
    EVP_CIPHER_CTX_reset(cipher_ctx);
    EVP_CIPHER_CTX_free(cipher_ctx);
    return outbuf;
}

/* {{{ Takes raw or base64 encoded string and decrypts it using given method and key */
PHP_FUNCTION(openssl_decrypt)
{
    zend_long options = 0;
    char *data, *method, *password, *iv = "", *tag = NULL, *aad = "";
    size_t data_len, method_len, password_len, iv_len = 0, tag_len = 0, aad_len = 0;
    zend_string *ret;

    if (zend_parse_parameters(ZEND_NUM_ARGS(), "sss|lsss", &data, &data_len, &method, &method_len,
                    &password, &password_len, &options, &iv, &iv_len, &tag, &tag_len, &aad, &aad_len) == FAILURE) {
        RETURN_THROWS();
    }

    if (!method_len) {
        zend_argument_value_error(2, "cannot be empty");
        RETURN_THROWS();
    }

    if ((ret = php_openssl_decrypt(data, data_len, method, method_len, password, password_len, options, iv, iv_len, tag, tag_len, aad, aad_len))) {
        RETVAL_STR(ret);
    } else {
        RETVAL_FALSE;
    }
}

PHP openssl-digest 的源代码是这样的:

/* {{{ Computes digest hash value for given data using given method, returns raw or binhex encoded string */
PHP_FUNCTION(openssl_digest)
{
    bool raw_output = 0;
    char *data, *method;
    size_t data_len, method_len;
    const EVP_MD *mdtype;
    EVP_MD_CTX *md_ctx;
    unsigned int siglen;
    zend_string *sigbuf;

    if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss|b", &data, &data_len, &method, &method_len, &raw_output) == FAILURE) {
        RETURN_THROWS();
    }
    mdtype = EVP_get_digestbyname(method);
    if (!mdtype) {
        php_error_docref(NULL, E_WARNING, "Unknown digest algorithm");
        RETURN_FALSE;
    }

    siglen = EVP_MD_size(mdtype);
    sigbuf = zend_string_alloc(siglen, 0);

    md_ctx = EVP_MD_CTX_create();
    if (EVP_DigestInit(md_ctx, mdtype) &&
            EVP_DigestUpdate(md_ctx, (unsigned char *)data, data_len) &&
            EVP_DigestFinal (md_ctx, (unsigned char *)ZSTR_VAL(sigbuf), &siglen)) {
        if (raw_output) {
            ZSTR_VAL(sigbuf)[siglen] = '[=22=]';
            ZSTR_LEN(sigbuf) = siglen;
            RETVAL_STR(sigbuf);
        } else {
            int digest_str_len = siglen * 2;
            zend_string *digest_str = zend_string_alloc(digest_str_len, 0);

            make_digest_ex(ZSTR_VAL(digest_str), (unsigned char*)ZSTR_VAL(sigbuf), siglen);
            ZSTR_VAL(digest_str)[digest_str_len] = '[=22=]';
            zend_string_release_ex(sigbuf, 0);
            RETVAL_NEW_STR(digest_str);
        }
    } else {
        php_openssl_store_errors();
        zend_string_release_ex(sigbuf, 0);
        RETVAL_FALSE;
    }

    EVP_MD_CTX_destroy(md_ctx);
}

PHP 实现使用 EVP_BytesToKey() 作为密钥派生函数,因此与 CryptoJS 密钥派生兼容。

然而,CryptoJS 默认使用 MD5 作为摘要,而 PHP 代码使用 SHA256(请注意,从 v1.1.0 版本开始,OpenSSL 已将默认摘要从 MD5 更改为 SHA256)。
此外,用于密钥推导函数的密码不是密码本身(即 Nootric2703202),而是密码的十六进制编码 SHA256 哈希。

如果考虑到这一点,用 CryptoJS 解密是:

var password = 'Nootric2703202';
var passwordHashWA = CryptoJS.SHA256(password);
var passwordHashHex = passwordHashWA.toString(CryptoJS.enc.Hex); 

var ciphertext = 'U2FsdGVkX1++7PN6CsF5Bi38t0N3EjXpH5oGpaIZXUwk4T8QCwcATjvA4b/8VaxD8nf/MZhKPnWb1L8raLR4lw==';

CryptoJS.algo.EvpKDF.cfg.hasher = CryptoJS.algo.SHA256.create();           
var data = CryptoJS.AES.decrypt(ciphertext, passwordHashHex);
console.log(data.toString(CryptoJS.enc.Utf8));
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js"></script>

产生预期的明文:

email=abc@xyz.abc&name=&gpw_id=gpwID

由于OpenSSL兼容性,密文也可以用以下OpenSSL表达式解密:

openssl enc -aes-256-cbc -d -md sha256 -in <ciphertextFile> -k d0f95d5e54a7aa25934a5d4915c9e2a06dadac20d16551693be1d21d4d8e8798 -A -a -p

其中 <ciphertextFile> 是包含 Base64 编码密文(无换行符)的文件的路径:U2FsdGVkX1...,密码 d0f95d... 是密码的十六进制编码 SHA256 哈希Nootric2703202.

请记住 EVP_BytesToKey() 被认为是不安全的,s。例如here。相反,应该使用像 PBKDF2 这样可靠的密钥派生函数。