C++ - EncryptMessage不加密正確的數據

Question

我一直在關注SSL/TLS在線教程（以及更多的閱讀傢伙源代碼和跟隨），但是我用這個EncryptMessage部分碰到了一條崎嶇不平的道路，因爲它將數據推開並加密錯誤的信息。

的pbloBuffer，我送它是：

GET/HTTP/1.1\r\n 
HOST: www.google.com\r\n\r\n 

但是當我做pbMessage = pbloBuffer + Sizes.cbHeader;我結束了（即使是微軟的網站說，要做到這一點）

1\r\n 
HOST: www.google.com\r\n\r\n 

現在pbMessage是上面的代碼，而這SECBUFFER_DATA下插入，它甚至沒有得到完整的數據。根據我的理解，SECBUFFER_DATA是Web服務器將解碼和處理的「用戶」數據。

你能找到如何解決這個問題並正確發送加密數據嗎？

全部源：（此代碼是實驗性的，因爲我想了解它，我做出改變之前）

int Adaptify::EncryptSend(PBYTE pbloBuffer, int Size) { 

    SECURITY_STATUS scRet{ 0 }; 
    SecBufferDesc  Message{ 0 }; 
    SecBuffer   Buffers[4]{ 0 }; 
    DWORD    cbMessage = 0, cbData = 0; 
    PBYTE    pbMessage = nullptr; 
    SecPkgContext_StreamSizes Sizes = { 0 }; 
    QueryContextAttributesW(&hContext, SECPKG_ATTR_STREAM_SIZES, &Sizes); 

    pbMessage = pbloBuffer + Sizes.cbHeader; 
    cbMessage = (DWORD)strlen((const char*)pbMessage); 

    Buffers[0].BufferType = SECBUFFER_STREAM_HEADER; 
    Buffers[0].cbBuffer = Sizes.cbHeader; 
    Buffers[0].pvBuffer = pbloBuffer; 

    Buffers[1].BufferType = SECBUFFER_DATA; 
    Buffers[1].pvBuffer = pbMessage; 
    Buffers[1].cbBuffer = cbMessage; 

    Buffers[2].BufferType = SECBUFFER_STREAM_TRAILER; 
    Buffers[2].cbBuffer = Sizes.cbTrailer; 
    Buffers[2].pvBuffer = pbMessage + cbMessage; 

    Buffers[3].BufferType = SECBUFFER_EMPTY; 
    Buffers[3].cbBuffer = SECBUFFER_EMPTY; 
    Buffers[3].pvBuffer = SECBUFFER_EMPTY; 

    Message.cBuffers = 4; 
    Message.pBuffers = Buffers; 
    Message.ulVersion = SECBUFFER_VERSION; 

    scRet = EncryptMessage(&hContext, 0, &Message, 0); 
    if (send(hSocket, (const char*)pbloBuffer, Buffers[0].cbBuffer + Buffers[1].cbBuffer + Buffers[2].cbBuffer, 0) < 0) { 
     MessageBox(0, L"Send error", 0, 0); 
    } 


    return 0; 
} 

Answer 1

第一 - 你需要後InitializeSecurityContextW回報SEC_E_OK調用QueryContextAttributesW只有一次 - 每次都沒有任何意義叫它，當你需要發送數據。並保存結果。說從SecPkgContext_StreamSizes繼承你的類 - class Adaptify : SecPkgContext_StreamSizes;和結束握手（一次）QueryContextAttributesW(&hContext, SECPKG_ATTR_STREAM_SIZES, this);

約發送發送數據調用 - 你的情況當然Buffers[1].pvBuffer必須指向你的實際數據pbloBuffer但不pbloBuffer + Sizes.cbHeader代碼可以是這樣的：

int Adaptify::EncryptSend(PBYTE pbloBuffer, int Size) { 

    SECURITY_STATUS ss = SEC_E_INSUFFICIENT_MEMORY; 

    if (PBYTE Buffer = new BYTE[cbHeader + Size + cbTrailer]) { 

     memcpy(Buffer + cbHeader, pbloBuffer, Size); 

     SecBuffer sb[4] = { 
      { cbHeader, SECBUFFER_STREAM_HEADER, Buffer}, 
      { Size, SECBUFFER_DATA, Buffer + cbHeader}, 
      { cbTrailer, SECBUFFER_STREAM_TRAILER, Buffer + cbHeader + Size}, 
     }; 

     SecBufferDesc sbd = { 
      SECBUFFER_VERSION, 4, sb 
     }; 

     if (SEC_E_OK == (ss = ::EncryptMessage(this, 0, &sbd, 0)))) { 
      if (SOCKET_ERROR == send(hSocket, (const char*)Buffer, sb[0].cbBuffer+sb[1].cbBuffer+sb[2].cbBuffer+sb[3].cbBuffer, 0)) 
       ss = WSAGetLastError(); 
     } 
     delete [] Buffer; 
    } 
    return ss; 
} 

，所以你需要用cbHeader + Size + cbTrailer大小分配新的緩衝區（wher Size是你實際的消息Size和Buffer + cbHeader