我从http://pastie.org/pastes/297563/text
找到了AES加密和解密样本除了解密方案外,它的工作原理非常好。当我加密具有冗长字符串的用户电子邮件字符串(myfullname@mycompanytech.com)时,加密和解密没有问题。加密后,我将其存储在plist文件中,然后再读取它以进行解密。但是,当我加密具有短冗长字符串的电子邮件字符串(例如:me@company.com)时,加密很好,但是当我尝试解密字符串并将其放在标签中时,我发现解密错误就像< em>“加密问题ccStatus == -4301”
UDPATE 我发现这个解密问题只在字符串长度为“16”时才会发生,否则它总能正常工作。有什么帮助吗?
请找到以下代码。 这是加密和解密的代码。
import "CryptoHelper.h"
#define LOGGING_FACILITY(X, Y) \
if(!(X)) { \
NSLog(Y); \
}
#define LOGGING_FACILITY1(X, Y, Z) \
if(!(X)) { \
NSLog(Y, Z); \
}
@interface CryptoHelper(Private)
- (NSData *)doCipher:(NSData *)plainText key:(NSData *)theSymmetricKey context:(CCOperation)encryptOrDecrypt padding:(CCOptions *)pkcs7;
- (NSString *)base64EncodeData:(NSData*)dataToConvert;
- (NSData*)base64DecodeString:(NSString *)string;
@end
@implementation CryptoHelper
static CryptoHelper *MyCryptoHelper = nil;
const uint8_t kKeyBytes[] = "abcdefgh0123456"; // Must be 16 bytes
static CCOptions pad = 0;
static const char encodingTable[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
- (NSString*)encryptString:(NSString*)string
{
NSRange fullRange;
fullRange.length = [string length];
fullRange.location = 0;
uint8_t buffer[[string length]];
[string getBytes:&buffer maxLength:[string length] usedLength:NULL encoding:NSUTF8StringEncoding options:0 range:fullRange remainingRange:NULL];
NSData *plainText = [NSData dataWithBytes:buffer length:[string length]];
NSData *encryptedResponse = [self doCipher:plainText key:symmetricKey context:kCCEncrypt padding:&pad];
return [self base64EncodeData:encryptedResponse];
}
- (NSString*)decryptString:(NSString*)string
{
NSLog(@"string: %@", string);
NSData *decryptedResponse = [self doCipher:[self base64DecodeString:string] key:symmetricKey context:kCCDecrypt padding:&pad];
NSString *result = [NSString stringWithFormat:@"decryptedResponse: %@", decryptedResponse];
NSLog(@"decryptedResponse: %@", result);
return [NSString stringWithCString:[decryptedResponse bytes] length:[decryptedResponse length]];
}
- (NSData *)doCipher:(NSData *)plainText key:(NSData *)theSymmetricKey context:(CCOperation)encryptOrDecrypt padding:(CCOptions *)pkcs7
{
CCCryptorStatus ccStatus = kCCSuccess;
// Symmetric crypto reference.
CCCryptorRef thisEncipher = NULL;
// Cipher Text container.
NSData * cipherOrPlainText = nil;
// Pointer to output buffer.
uint8_t * bufferPtr = NULL;
// Total size of the buffer.
size_t bufferPtrSize = 0;
// Remaining bytes to be performed on.
size_t remainingBytes = 0;
// Number of bytes moved to buffer.
size_t movedBytes = 0;
// Length of plainText buffer.
size_t plainTextBufferSize = 0;
// Placeholder for total written.
size_t totalBytesWritten = 0;
// A friendly helper pointer.
uint8_t * ptr;
// Initialization vector; dummy in this case 0's.
uint8_t iv[kCCBlockSizeAES128];
memset((void *) iv, 0x0, (size_t) sizeof(iv));
LOGGING_FACILITY(plainText != nil, @"PlainText object cannot be nil." );
LOGGING_FACILITY(theSymmetricKey != nil, @"Symmetric key object cannot be nil." );
LOGGING_FACILITY(pkcs7 != NULL, @"CCOptions * pkcs7 cannot be NULL." );
LOGGING_FACILITY([theSymmetricKey length] == kCCKeySizeAES128, @"Disjoint choices for key size." );
plainTextBufferSize = [plainText length];
LOGGING_FACILITY(plainTextBufferSize > 0, @"Empty plaintext passed in." );
// We don't want to toss padding on if we don't need to
if(encryptOrDecrypt == kCCEncrypt)
{
if(*pkcs7 != kCCOptionECBMode)
{
if((plainTextBufferSize % kCCBlockSizeAES128) == 0)
{
*pkcs7 = 0x0000;
}
else
{
*pkcs7 = kCCOptionPKCS7Padding;
}
}
}
else if(encryptOrDecrypt != kCCDecrypt)
{
LOGGING_FACILITY1( 0, @"Invalid CCOperation parameter [%d] for cipher context.", *pkcs7 );
}
// Create and Initialize the crypto reference.
ccStatus = CCCryptorCreate( encryptOrDecrypt,
kCCAlgorithmAES128,
*pkcs7,
(const void *)[theSymmetricKey bytes],
kCCKeySizeAES128,
(const void *)iv,
&thisEncipher
);
LOGGING_FACILITY1( ccStatus == kCCSuccess, @"Problem creating the context, ccStatus == %d.", ccStatus );
// Calculate byte block alignment for all calls through to and including final.
bufferPtrSize = CCCryptorGetOutputLength(thisEncipher, plainTextBufferSize, true);
// Allocate buffer.
bufferPtr = malloc( bufferPtrSize * sizeof(uint8_t) );
// Zero out buffer.
memset((void *)bufferPtr, 0x0, bufferPtrSize);
// Initialize some necessary book keeping.
ptr = bufferPtr;
// Set up initial size.
remainingBytes = bufferPtrSize;
// Actually perform the encryption or decryption.
ccStatus = CCCryptorUpdate( thisEncipher,
(const void *) [plainText bytes],
plainTextBufferSize,
ptr,
remainingBytes,
&movedBytes
);
LOGGING_FACILITY1( ccStatus == kCCSuccess, @"Problem with CCCryptorUpdate, ccStatus == %d.", ccStatus );
// Handle book keeping.
ptr += movedBytes;
remainingBytes -= movedBytes;
totalBytesWritten += movedBytes;
// Finalize everything to the output buffer.
ccStatus = CCCryptorFinal( thisEncipher,
ptr,
remainingBytes,
&movedBytes
);
totalBytesWritten += movedBytes;
if(thisEncipher)
{
(void) CCCryptorRelease(thisEncipher);
thisEncipher = NULL;
}
LOGGING_FACILITY1( ccStatus == kCCSuccess, @"Problem with encipherment ccStatus == %d", ccStatus );
cipherOrPlainText = [NSData dataWithBytes:(const void *)bufferPtr length:(NSUInteger)totalBytesWritten];
if(bufferPtr) free(bufferPtr);
return cipherOrPlainText;
}
#pragma mark -
#pragma mark Base64 Encode/Decoder
- (NSString *)base64EncodeData:(NSData*)dataToConvert
{
if ([dataToConvert length] == 0)
return @"";
char *characters = malloc((([dataToConvert length] + 2) / 3) * 4);
if (characters == NULL)
return nil;
NSUInteger length = 0;
NSUInteger i = 0;
while (i < [dataToConvert length])
{
char buffer[3] = {0,0,0};
short bufferLength = 0;
while (bufferLength < 3 && i < [dataToConvert length])
buffer[bufferLength++] = ((char *)[dataToConvert bytes])[i++];
// Encode the bytes in the buffer to four characters, including padding "=" characters if necessary.
characters[length++] = encodingTable[(buffer[0] & 0xFC) >> 2];
characters[length++] = encodingTable[((buffer[0] & 0x03) << 4) | ((buffer[1] & 0xF0) >> 4)];
if (bufferLength > 1)
characters[length++] = encodingTable[((buffer[1] & 0x0F) << 2) | ((buffer[2] & 0xC0) >> 6)];
else characters[length++] = '=';
if (bufferLength > 2)
characters[length++] = encodingTable[buffer[2] & 0x3F];
else characters[length++] = '=';
}
return [[[NSString alloc] initWithBytesNoCopy:characters length:length encoding:NSASCIIStringEncoding freeWhenDone:YES] autorelease];
}
- (NSData*)base64DecodeString:(NSString *)string
{
if (string == nil)
[NSException raise:NSInvalidArgumentException format:nil];
if ([string length] == 0)
return [NSData data];
static char *decodingTable = NULL;
if (decodingTable == NULL)
{
decodingTable = malloc(256);
if (decodingTable == NULL)
return nil;
memset(decodingTable, CHAR_MAX, 256);
NSUInteger i;
for (i = 0; i < 64; i++)
decodingTable[(short)encodingTable[i]] = i;
}
const char *characters = [string cStringUsingEncoding:NSASCIIStringEncoding];
if (characters == NULL) // Not an ASCII string!
return nil;
char *bytes = malloc((([string length] + 3) / 4) * 3);
if (bytes == NULL)
return nil;
NSUInteger length = 0;
NSUInteger i = 0;
while (YES)
{
char buffer[4];
short bufferLength;
for (bufferLength = 0; bufferLength < 4; i++)
{
if (characters[i] == '\0')
break;
if (isspace(characters[i]) || characters[i] == '=')
continue;
buffer[bufferLength] = decodingTable[(short)characters[i]];
if (buffer[bufferLength++] == CHAR_MAX) // Illegal character!
{
free(bytes);
return nil;
}
}
if (bufferLength == 0)
break;
if (bufferLength == 1) // At least two characters are needed to produce one byte!
{
free(bytes);
return nil;
}
// Decode the characters in the buffer to bytes.
bytes[length++] = (buffer[0] << 2) | (buffer[1] >> 4);
if (bufferLength > 2)
bytes[length++] = (buffer[1] << 4) | (buffer[2] >> 2);
if (bufferLength > 3)
bytes[length++] = (buffer[2] << 6) | buffer[3];
}
realloc(bytes, length);
return [NSData dataWithBytesNoCopy:bytes length:length];
}
#pragma mark -
#pragma mark Singleton methods
- (id)init
{
if(self = [super init])
{
symmetricKey = [[NSData dataWithBytes:kKeyBytes length:sizeof(kKeyBytes)] retain];
}
return self;
}
+ (CryptoHelper*)sharedInstance
{
@synchronized(self)
{
if (MyCryptoHelper == nil)
{
[[self alloc] init];
}
}
return MyCryptoHelper;
}
+ (id)allocWithZone:(NSZone *)zone
{
@synchronized(self)
{
if (MyCryptoHelper == nil)
{
MyCryptoHelper = [super allocWithZone:zone];
return MyCryptoHelper; // assignment and return on first allocation
}
}
return nil; // on subsequent allocation attempts return nil
}
- (id)copyWithZone:(NSZone *)zone
{
return self;
}
- (id)retain
{
return self;
}
- (unsigned)retainCount
{
return UINT_MAX; // denotes an object that cannot be released
}
- (void)release
{
//do nothing
}
- (id)autorelease
{
return self;
}
@end
以下代码是上述代码的调用者,
-(NSString *) getUsername
{
NSString *usernameString = NULL;
// Data.plist code
// get paths from root direcory
NSArray *paths = NSSearchPathForDirectoriesInDomains (NSDocumentDirectory, NSUserDomainMask, YES);
// get documents path
NSString *documentsPath = [paths objectAtIndex:0];
// get the path to our Data/plist file
NSString *plistPath = [documentsPath stringByAppendingPathComponent:LOGIN_PLIST];
// check to see if Data.plist exists in documents
if (![[NSFileManager defaultManager] fileExistsAtPath:plistPath])
{
// if not in documents, get property list from main bundle
plistPath = [[NSBundle mainBundle] pathForResource:@"LoginInfo" ofType:@"plist"];
}
// read property list into memory as an NSData object
NSData *plistXML = [[NSFileManager defaultManager] contentsAtPath:plistPath];
NSString *errorDesc = nil;
NSPropertyListFormat format;
// convert static property liost into dictionary object
NSDictionary *temp = (NSDictionary *)[NSPropertyListSerialization propertyListFromData:plistXML mutabilityOption:NSPropertyListMutableContainersAndLeaves format:&format errorDescription:&errorDesc];
if (!temp)
{
//NSLog(@"Error reading plist: %@, format: %lu", errorDesc, format);
}
else
{
NSString *nameStr=[temp objectForKey:@"Username"];
NSLog(@"nameStr: %@",nameStr);
// do AES128 decryption
CryptoHelper *pCrypto = [CryptoHelper sharedInstance];
usernameString = [pCrypto decryptString:nameStr];
// usernameString becomes empty after when encryption and trying to decrypt.
NSLog(@"usernameString: %@: usernameString length: %ld", usernameString, [usernameString length] );
}
return usernameString;
}
答案 0 :(得分:1)
您的代码基于Apple 'CryptoExercise' example的 SecKeyWrapper 类。 我在使用doCipher方法时遇到了同样的错误消息。
' -4301 '在这种情况下是调用 CCCryptoFinal 后ccStatus变量的值,返回值 CCryptorStatus 。它在CommonCryptor.h中定义如下:
enum {
kCCSuccess = 0,
kCCParamError = -4300,
kCCBufferTooSmall = -4301,
kCCMemoryFailure = -4302,
kCCAlignmentError = -4303,
kCCDecodeError = -4304,
kCCUnimplemented = -4305
};
所以在某种程度上,在doCipher方法中创建的缓冲区太小,这很奇怪,因为它的大小是通过 CCCryptorGetOutputLength 确定的,正如 CCCryptorFinal 的文档建议:
@result kCCBufferTooSmall indicates insufficent space in the dataOut buffer.
The caller can use CCCryptorGetOutputLength() to determine the required
output buffer size in this case. The operation can be retried; no state is
lost when this is returned.
我已经预感到Apple 示例中的SecKeyWrapper类没有错误。我会看看我是否可以解决问题或者找到另一种在iPhone上进行AES加密的方法。 Rob Napier和Mugunth Kumar的书'iOS 5 programming - Pushing the limits'中有一个解释和示例代码,我将尝试。此外,作者还推荐了两个WWDC会话,可在developer.apple.com获得。
修改强>
我刚发现错误。它位于 doCipher 方法中。只需替换以下行:
// We don't want to toss padding on if we don't need to
if(encryptOrDecrypt == kCCEncrypt)
{
if(*pkcs7 != kCCOptionECBMode)
{
if((plainTextBufferSize % kCCBlockSizeAES128) == 0)
{
*pkcs7 = 0x0000;
}
else
{
*pkcs7 = kCCOptionPKCS7Padding;
}
}
}
else if(encryptOrDecrypt != kCCDecrypt)
{
LOGGING_FACILITY1( 0, @"Invalid CCOperation parameter [%d] for cipher context.", *pkcs7 );
}
使用以下行:
// check for valid context parameter
if (encryptOrDecrypt != kCCEncrypt && encryptOrDecrypt != kCCDecrypt) {
LOGGING_FACILITY1( 0, @"Invalid CCOperation parameter [%d] for cipher context.", encryptOrDecrypt );
}
正如Ortwin在下面指出的那样,你还必须将后续CCCryptorCreate调用中的第三个参数替换为kCCOptionPKCS7Padding:
// Create and Initialize the crypto reference.
ccStatus = CCCryptorCreate( encryptOrDecrypt,
kCCAlgorithmAES128,
kCCOptionPKCS7Padding,
(const void *)[theSymmetricKey bytes],
kCCKeySizeAES128,
(const void *)iv,
&thisEncipher
);
答案 1 :(得分:0)
我发现当我替换
时它对我有用// We don't want to toss padding on if we don't need to
if(encryptOrDecrypt == kCCEncrypt)
{
if(*pkcs7 != kCCOptionECBMode)
{
if((plainTextBufferSize % kCCBlockSizeAES128) == 0)
{
*pkcs7 = 0x0000;
}
else
{
*pkcs7 = kCCOptionPKCS7Padding;
}
}
}
else if(encryptOrDecrypt != kCCDecrypt)
{
LOGGING_FACILITY1( 0, @"Invalid CCOperation parameter [%d] for cipher context.", *pkcs7 );
}
// Create and Initialize the crypto reference.
ccStatus = CCCryptorCreate( encryptOrDecrypt,
kCCAlgorithmAES128,
*pkcs7,
(const void *)[theSymmetricKey bytes],
kCCKeySizeAES128,
(const void *)iv,
&thisEncipher
);
通过
// We don't want to toss padding on if we don't need to
if (encryptOrDecrypt != kCCEncrypt && encryptOrDecrypt != kCCDecrypt) {
LOGGING_FACILITY1( 0, @"Invalid CCOperation parameter [%d] for cipher context.", *pkcs7 );
}
// Create and Initialize the crypto reference.
ccStatus = CCCryptorCreate( encryptOrDecrypt,
kCCAlgorithmAES128,
kCCOptionPKCS7Padding,
(const void *)[theSymmetricKey bytes],
kCCKeySizeAES128,
(const void *)iv,
&thisEncipher
);
基本上,我总是为kCCOptionPKCS7Padding
设置CCCryptorCreate
选项,无论是加密还是解密,无论文本长度是多少。
请注意,我的案例是有限的,我没有做任何测试是否适用于所有情况! 没有保证!