我们都知道mbedtls库是一个非常轻量级的c库。我想使用该库来加密字符串。所以我有一个像这样的功能:
aes_encrypt.h:
#ifndef AES_ENCRYPT_H
#define AES_ENCRYPT_H
#define BOOL int
#define TRUE 1
#define FALSE 0
extern const unsigned char key[16];
BOOL ENC_STR(unsigned char *plain, size_t plain_len,
unsigned char *cipher, size_t *cipher_len);
#endif
和实现:
const unsigned char KEY[16] = { 0x00, 0x01, 0x02, 0x03,
0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B,
0x0C, 0x0D, 0x0F, 0xA0 };
BOOL ENC_STR(unsigned char *plain, size_t plain_len, unsigned char *cipher, size_t *cipher_len)
{
BOOL ret = FALSE;
// Prepare the cipher context
const mbedtls_cipher_info_t *cipher_info;
mbedtls_cipher_context_t cipher_ctx;
mbedtls_cipher_init(&cipher_ctx);
if ((cipher_info = mbedtls_cipher_info_from_type(AES_PARM)) == NULL)
{
printf("Cipher Info ERR!\n");
ret = -1;
goto EXIT;
}
if ( (ret = mbedtls_cipher_setup(&cipher_ctx, cipher_info)) != 0)
{
printf("Cipher Setup ERR!\n");
goto EXIT;
}
if ( (ret = mbedtls_cipher_setkey(&cipher_ctx, KEY, cipher_info->key_bitlen, MBEDTLS_ENCRYPT)) != 0)
{
printf("Cipher SetKey ERR!\n");
goto EXIT;
}
// if ( (ret = mbedtls_cipher_set_padding_mode(&cipher_ctx, 1)) != 0) {
// printf("Cipher SetPadding ERR!\n");
// goto EXIT;
// }
if ( (ret = mbedtls_cipher_reset(&cipher_ctx)) != 0)
{
printf("Cipher Reset ERR!\n");
goto EXIT;
}
// encrypt
if ((ret = mbedtls_cipher_update(&cipher_ctx, plain, plain_len, cipher, cipher_len)) != 0) {
printf("Cipher Update ERR!\n");
goto EXIT;
}
EXIT:
if (ret != TRUE) {
char buf[1024] = {0};
mbedtls_strerror(ret, buf, 1024);
printf("Error Msg:\t%s\n", buf);
}
mbedtls_cipher_free(&cipher_ctx);
return ret;
}
我像下面这样调用函数:
unsigned char *plain = (unsigned char*)"hello world";
size_t plain_len = 12;
unsigned char cipher[128] = {0};
size_t cipher_len = -1;
printf("the encrypt result is:\t%d\n", ENC_STR(plain, plain_len, cipher, &cipher_len));
我得到如下错误信息:
CIPHER - Decryption of block requires a full block
谁能帮助我并解释错误消息的含义是什么?谢谢。
最佳答案
说明:
CIPHER-块解密需要完整的块
谁能帮助我并解释错误消息的含义是什么?
AES是block cipher,表示它当时用于加密128位块。不多不少。
因此,如果源数据短于单个块,则需要使用一些padding以确保将数据延长到所需的长度。
通常,为了加密任何长度的数据,我们使用mode of operation。有些不需要任何填充(CTR,CFB,OFB等)
加密仍然远远不够安全-您将需要IV(盐)和authentication tag。
我们都知道mbedtls库是一个非常轻量级的c库
显然mbedtls已经支持多种操作模式,由您选择
关于c - 如何使用mbedtls以AES方式加密字符串?,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/47689591/