我目前正在研究一個iPhone應用程序,它是.NET C#功能子集的一個端口。我必須使用3DES加密密碼登錄服務器(是的,我知道這不是最佳標準,但請耐心等待)。將C#CryptoSys輔助3DES加密移植到Objective-C CommonCrypto問題
但是,到目前爲止,沒有快樂。我無法在此C#代碼中正確複製加密。在目標c股在C#代碼這些公共變量:
strPassword
是未加密的密碼,如「祕密」abPlain
是一個字節數組與strPassword{73, 65, 63, 72, 65, 74, 02, 02}
的十六進制值rpmPassword
被一串隨機字符。rpmPasswordAsData
是作爲NSData的使用UTF8編碼abPassword
rpmPassword的目標-C僅表示被一個字節數組- 我已經添加了代碼在下面的目標-C代碼來推導
nLen
rpmPassword的值
這裏的C#代碼第一:
static int ITERATIONCOUNT = 2048;
static int KEYBYTES = 24;
static int BLOCKBYTES = 8;
byte[] abInitV = CryptoSysAPI.Rng.NonceBytes(BLOCKBYTES);
byte[] abKey = CryptoSysAPI.Pbe.Kdf2(KEYBYTES, abPassword, abInitV, ITERATIONCOUNT);
CryptoSysAPI.Tdea cipher = CryptoSysAPI.Tdea.Instance();
cipher.InitEncrypt(abKey, Mode.CBC, abInitV);
byte[] abCipher = cipher.Update(abPlain);
abOutput = new byte[abCipher.Length + BLOCKBYTES];
for (int i = 0; i < BLOCKBYTES; i++) abOutput[i] = abInitV[i];
for (int i = 0; i < nLen + nPad; i++) abOutput[BLOCKBYTES + i] = abCipher[i];
return CryptoSysAPI.Cnv.ToHex(abOutput)
正如你所看到的,加密值這將返回實際上是AC十六進制值爲abInitV
和abCipher
的中間值。
我一直在從羅布納皮爾試圖轉換成工作目標C代碼,但到目前爲止,它沒有發生。我生產長度合適的abInitV
和abCipher
價值,而且我也連接起來將正常到abOutput
,但我被服務器拒絕當我嘗試登錄。
這是我的目標c代碼(常量也宣告,我答應):
int nLen = [strPassword length];
int nPad = ((nLen/BLOCKBYTES) + 1) * BLOCKBYTES - nLen;
NSData *abInitV = [self randomDataOfLength:BLOCKBYTES]; // This is the salthex for the encryption
const unsigned char *abInitVAsBytes = [abInitV bytes];
NSData *abKey = [self TDEAKeyForPassword:strPassword salt:abInitV];
size_t movedBytes = 0;
NSMutableData *abCipher = [NSMutableData dataWithLength:BLOCKBYTES];
CCCryptorStatus result = CCCrypt(kCCEncrypt,
kCCAlgorithm3DES,
ccNoPadding & kCCModeCBC,
[abKey bytes],
kCCKeySize3DES,
[abInitV bytes],
abPassword,
[rpmPasswordAsData length],
abCipher.mutableBytes,
KEYBYTES,
&movedBytes);
if (result == kCCSuccess)
{
NSLog(@"abCipher == %@ \n", [abCipher description]);
}
NSMutableData *abOutput = [NSMutableData dataWithCapacity:[abCipher length] + BLOCKBYTES];
const unsigned char *abCipherAsBytes = [abCipher bytes];
for (int i = 0; i < BLOCKBYTES; i++)
{
[abOutput replaceBytesInRange:NSMakeRange(i, sizeof(abInitVAsBytes[i])) withBytes:&abInitVAsBytes[i]];
}
for (int i = 0; i < nLen + nPad; i++)
{
[abOutput replaceBytesInRange:NSMakeRange(BLOCKBYTES + i, sizeof(abCipherAsBytes[i])) withBytes:&abCipherAsBytes[i]];
}
return [EncryptionUtil NSDataToHex:abOutput];
,這裏是支持方法調用上面的代碼:
+(NSString*) NSDataToHex:(NSData*)data
{
const unsigned char *dbytes = [data bytes];
NSMutableString *hexStr =
[NSMutableString stringWithCapacity:[data length]*2];
int i;
for (i = 0; i < [data length]; i++) {
[hexStr appendFormat:@"%02x ", dbytes[i]];
}
return [NSString stringWithString: hexStr];
}
+(NSData*)HexToNSData:(NSString*)hex
{
NSMutableData* data = [NSMutableData data];
int idx;
for (idx = 0; idx+2 <= [hex length]; idx+=2) {
NSRange range = NSMakeRange(idx, 2);
NSString* hexStr = [hex substringWithRange:range];
NSScanner* scanner = [NSScanner scannerWithString:hexStr];
unsigned int intValue;
[scanner scanHexInt:&intValue];
[data appendBytes:&intValue length:1];
}
return data;
}
+(NSData *)randomDataOfLength:(size_t)length
{
NSMutableData *data = [NSMutableData dataWithLength:length];
int result = SecRandomCopyBytes(kSecRandomDefault,
length,
data.mutableBytes);
NSAssert(result == 0, @"Unable to generate random bytes: %d",
errno);
return data;
}
+(NSData *)TDEAKeyForPassword:(NSString *)password
salt:(NSData *)salt
{
NSMutableData *
derivedKey = [NSMutableData dataWithLength:kCCKeySize3DES];
int result = CCKeyDerivationPBKDF(kCCPBKDF2, // algorithm
password.UTF8String, // password
password.length, // passwordLength
salt.bytes, // salt
salt.length, // saltLen
kCCPRFHmacAlgSHA1, // PRF
ITERATIONCOUNT, // rounds
derivedKey.mutableBytes, // derivedKey
derivedKey.length); // derivedKeyLen
return derivedKey;
}
所以,如果有人能告訴我什麼我做錯了,我真誠地感謝你。如果讓我猜的話,我認爲這個問題是在兩個地方之一:
- 生成的關鍵,無論是在調用,或代碼的
TDEAKeyForPassword
- 調用
CCCrypt
。
這就是說,我試過每一個可用的PRF常量,以及填充和沒有填充。
我對加密非常不熟悉,所以我很感謝任何人都可以提供的幫助。
謝謝!
什麼是'npad'?什麼是'strPassword'?什麼是'abPassword'?什麼是'rpmPasswordAsData'? – trudyscousin 2013-05-10 01:32:43
對不起,trudyscousin。我的錯。我已經添加了上面的細節。 – Rob 2013-05-10 12:58:50