3

http://pastie.org/pastes/297563/textから AES 暗号化と復号化のサンプルを見つけました

復号化のシナリオを除いて、非常にうまく機能します。長い文字列 (myfullname@mycompanytech.com) を持つユーザーの電子メール文字列を暗号化すると、暗号化と復号化に問題はありません。暗号化後、plist ファイルに保存し、後で復号化のために読み取ります。しかし、短い長い文字列 (例: me@company.com) を含む電子メール文字列を暗号化すると、暗号化は問題ありませんが、文字列を復号化してラベルに配置しようとすると、復号化で"暗号化の問題 ccStatus == -4301"

UDPATEこの復号化の問題は、文字列の長さが「16」の場合にのみ発生することがわかりました。それ以外の場合は、常に正常に機能します。何か助けてください。

以下のコードを見つけてください。これは、暗号化と復号化のためのコードです。

import "CryptoHelper.h"

#define LOGGING_FACILITY(X, Y)  \
if(!(X)) {          \
    NSLog(Y);       \
}                   

#define LOGGING_FACILITY1(X, Y, Z)  \
if(!(X)) {              \
NSLog(Y, Z);        \
}

@interface CryptoHelper(Private)
- (NSData *)doCipher:(NSData *)plainText key:(NSData *)theSymmetricKey context:(CCOperation)encryptOrDecrypt padding:(CCOptions *)pkcs7;
- (NSString *)base64EncodeData:(NSData*)dataToConvert;
- (NSData*)base64DecodeString:(NSString *)string;
@end
@implementation CryptoHelper

static CryptoHelper *MyCryptoHelper = nil;

const uint8_t kKeyBytes[] = "abcdefgh0123456"; // Must be 16 bytes
static CCOptions pad = 0;
static const char encodingTable[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

- (NSString*)encryptString:(NSString*)string
{
    NSRange fullRange;
    fullRange.length = [string length];
    fullRange.location = 0;

    uint8_t buffer[[string length]];

    [string getBytes:&buffer maxLength:[string length] usedLength:NULL encoding:NSUTF8StringEncoding options:0 range:fullRange remainingRange:NULL];

    NSData *plainText = [NSData dataWithBytes:buffer length:[string length]];

    NSData *encryptedResponse = [self doCipher:plainText key:symmetricKey context:kCCEncrypt padding:&pad];

    return [self base64EncodeData:encryptedResponse];
}

- (NSString*)decryptString:(NSString*)string
{
    NSLog(@"string: %@", string);

    NSData *decryptedResponse = [self doCipher:[self base64DecodeString:string] key:symmetricKey context:kCCDecrypt padding:&pad];

    NSString *result = [NSString stringWithFormat:@"decryptedResponse: %@", decryptedResponse];
    NSLog(@"decryptedResponse: %@", result);

    return [NSString stringWithCString:[decryptedResponse bytes] length:[decryptedResponse length]];
}

- (NSData *)doCipher:(NSData *)plainText key:(NSData *)theSymmetricKey context:(CCOperation)encryptOrDecrypt padding:(CCOptions *)pkcs7
{
    CCCryptorStatus ccStatus = kCCSuccess;
    // Symmetric crypto reference.
    CCCryptorRef thisEncipher = NULL;
    // Cipher Text container.
    NSData * cipherOrPlainText = nil;
    // Pointer to output buffer.
    uint8_t * bufferPtr = NULL;
    // Total size of the buffer.
    size_t bufferPtrSize = 0;
    // Remaining bytes to be performed on.
    size_t remainingBytes = 0;
    // Number of bytes moved to buffer.
    size_t movedBytes = 0;
    // Length of plainText buffer.
    size_t plainTextBufferSize = 0;
    // Placeholder for total written.
    size_t totalBytesWritten = 0;
    // A friendly helper pointer.
    uint8_t * ptr;

    // Initialization vector; dummy in this case 0's.
    uint8_t iv[kCCBlockSizeAES128];
    memset((void *) iv, 0x0, (size_t) sizeof(iv));

    LOGGING_FACILITY(plainText != nil, @"PlainText object cannot be nil." );
    LOGGING_FACILITY(theSymmetricKey != nil, @"Symmetric key object cannot be nil." );
    LOGGING_FACILITY(pkcs7 != NULL, @"CCOptions * pkcs7 cannot be NULL." );
    LOGGING_FACILITY([theSymmetricKey length] == kCCKeySizeAES128, @"Disjoint choices for key size." );

    plainTextBufferSize = [plainText length];

    LOGGING_FACILITY(plainTextBufferSize > 0, @"Empty plaintext passed in." );

    // We don't want to toss padding on if we don't need to
    if(encryptOrDecrypt == kCCEncrypt)
    {
        if(*pkcs7 != kCCOptionECBMode)
        {
            if((plainTextBufferSize % kCCBlockSizeAES128) == 0)
            {
                *pkcs7 = 0x0000;
            }
            else
            {
                *pkcs7 = kCCOptionPKCS7Padding;
            }
        }
    }
    else if(encryptOrDecrypt != kCCDecrypt)
    {
        LOGGING_FACILITY1( 0, @"Invalid CCOperation parameter [%d] for cipher context.", *pkcs7 );
    } 

    // Create and Initialize the crypto reference.
    ccStatus = CCCryptorCreate( encryptOrDecrypt, 
                               kCCAlgorithmAES128, 
                               *pkcs7, 
                               (const void *)[theSymmetricKey bytes], 
                               kCCKeySizeAES128, 
                               (const void *)iv, 
                               &thisEncipher
                               );

    LOGGING_FACILITY1( ccStatus == kCCSuccess, @"Problem creating the context, ccStatus == %d.", ccStatus );

    // Calculate byte block alignment for all calls through to and including final.
    bufferPtrSize = CCCryptorGetOutputLength(thisEncipher, plainTextBufferSize, true);

    // Allocate buffer.
    bufferPtr = malloc( bufferPtrSize * sizeof(uint8_t) );

    // Zero out buffer.
    memset((void *)bufferPtr, 0x0, bufferPtrSize);

    // Initialize some necessary book keeping.

    ptr = bufferPtr;

    // Set up initial size.
    remainingBytes = bufferPtrSize;

    // Actually perform the encryption or decryption.
    ccStatus = CCCryptorUpdate( thisEncipher,
                               (const void *) [plainText bytes],
                               plainTextBufferSize,
                               ptr,
                               remainingBytes,
                               &movedBytes
                               );

    LOGGING_FACILITY1( ccStatus == kCCSuccess, @"Problem with CCCryptorUpdate, ccStatus == %d.", ccStatus );

    // Handle book keeping.
    ptr += movedBytes;
    remainingBytes -= movedBytes;
    totalBytesWritten += movedBytes;

    // Finalize everything to the output buffer.
    ccStatus = CCCryptorFinal(  thisEncipher,
                              ptr,
                              remainingBytes,
                              &movedBytes
                              );

    totalBytesWritten += movedBytes;

    if(thisEncipher)
    {
        (void) CCCryptorRelease(thisEncipher);
        thisEncipher = NULL;
    }

    LOGGING_FACILITY1( ccStatus == kCCSuccess, @"Problem with encipherment ccStatus == %d", ccStatus );

    cipherOrPlainText = [NSData dataWithBytes:(const void *)bufferPtr length:(NSUInteger)totalBytesWritten];

    if(bufferPtr) free(bufferPtr);

    return cipherOrPlainText;


}

#pragma mark -
#pragma mark Base64 Encode/Decoder
- (NSString *)base64EncodeData:(NSData*)dataToConvert
{
    if ([dataToConvert length] == 0)
        return @"";

    char *characters = malloc((([dataToConvert length] + 2) / 3) * 4);
    if (characters == NULL)
        return nil;

    NSUInteger length = 0;

    NSUInteger i = 0;
    while (i < [dataToConvert length])
    {
        char buffer[3] = {0,0,0};
        short bufferLength = 0;
        while (bufferLength < 3 && i < [dataToConvert length])
            buffer[bufferLength++] = ((char *)[dataToConvert bytes])[i++];

        //  Encode the bytes in the buffer to four characters, including padding "=" characters if necessary.
        characters[length++] = encodingTable[(buffer[0] & 0xFC) >> 2];
        characters[length++] = encodingTable[((buffer[0] & 0x03) << 4) | ((buffer[1] & 0xF0) >> 4)];
        if (bufferLength > 1)
            characters[length++] = encodingTable[((buffer[1] & 0x0F) << 2) | ((buffer[2] & 0xC0) >> 6)];
        else characters[length++] = '=';
        if (bufferLength > 2)
            characters[length++] = encodingTable[buffer[2] & 0x3F];
        else characters[length++] = '=';    
    }

    return [[[NSString alloc] initWithBytesNoCopy:characters length:length encoding:NSASCIIStringEncoding freeWhenDone:YES] autorelease];
}

- (NSData*)base64DecodeString:(NSString *)string
{
    if (string == nil)
        [NSException raise:NSInvalidArgumentException format:nil];
    if ([string length] == 0)
        return [NSData data];

    static char *decodingTable = NULL;
    if (decodingTable == NULL)
    {
        decodingTable = malloc(256);
        if (decodingTable == NULL)
            return nil;
        memset(decodingTable, CHAR_MAX, 256);
        NSUInteger i;
        for (i = 0; i < 64; i++)
            decodingTable[(short)encodingTable[i]] = i;
    }

    const char *characters = [string cStringUsingEncoding:NSASCIIStringEncoding];
    if (characters == NULL)     //  Not an ASCII string!
        return nil;
    char *bytes = malloc((([string length] + 3) / 4) * 3);
    if (bytes == NULL)
        return nil;
    NSUInteger length = 0;

    NSUInteger i = 0;
    while (YES)
    {
        char buffer[4];
        short bufferLength;
        for (bufferLength = 0; bufferLength < 4; i++)
        {
            if (characters[i] == '\0')
                break;
            if (isspace(characters[i]) || characters[i] == '=')
                continue;
            buffer[bufferLength] = decodingTable[(short)characters[i]];
            if (buffer[bufferLength++] == CHAR_MAX)      //  Illegal character!
            {
                free(bytes);
                return nil;
            }
        }

        if (bufferLength == 0)
            break;
        if (bufferLength == 1)      //  At least two characters are needed to produce one byte!
        {
            free(bytes);
            return nil;
        }

        //  Decode the characters in the buffer to bytes.
        bytes[length++] = (buffer[0] << 2) | (buffer[1] >> 4);
        if (bufferLength > 2)
            bytes[length++] = (buffer[1] << 4) | (buffer[2] >> 2);
        if (bufferLength > 3)
            bytes[length++] = (buffer[2] << 6) | buffer[3];
    }

    realloc(bytes, length);

    return [NSData dataWithBytesNoCopy:bytes length:length];
}

#pragma mark -
#pragma mark Singleton methods
- (id)init
{
    if(self = [super init])
    {
        symmetricKey = [[NSData dataWithBytes:kKeyBytes length:sizeof(kKeyBytes)] retain];
    }
    return self;
}

+ (CryptoHelper*)sharedInstance
{
    @synchronized(self)
    {
        if (MyCryptoHelper == nil)
        {
            [[self alloc] init];
        }
    }
    return MyCryptoHelper;
}

+ (id)allocWithZone:(NSZone *)zone
{
    @synchronized(self)
    {
        if (MyCryptoHelper == nil)
        {
            MyCryptoHelper = [super allocWithZone:zone];
            return MyCryptoHelper;  // assignment and return on first allocation
        }
    }
    return nil; // on subsequent allocation attempts return nil
}

- (id)copyWithZone:(NSZone *)zone
{
    return self;
}

- (id)retain
{
    return self;
}

- (unsigned)retainCount
{
    return UINT_MAX;  // denotes an object that cannot be released
}

- (void)release
{
    //do nothing
}

- (id)autorelease
{
    return self;
}

@end

以下のコードは上記の呼び出し元です。

    -(NSString *) getUsername
    {
        NSString *usernameString = NULL;

        // Data.plist code
        // get paths from root direcory
        NSArray *paths = NSSearchPathForDirectoriesInDomains (NSDocumentDirectory, NSUserDomainMask, YES);
        // get documents path
        NSString *documentsPath = [paths objectAtIndex:0];
        // get the path to our Data/plist file
        NSString *plistPath = [documentsPath stringByAppendingPathComponent:LOGIN_PLIST];

        // check to see if Data.plist exists in documents
        if (![[NSFileManager defaultManager] fileExistsAtPath:plistPath]) 
        {
            // if not in documents, get property list from main bundle
            plistPath = [[NSBundle mainBundle] pathForResource:@"LoginInfo" ofType:@"plist"];
        }

        // read property list into memory as an NSData object
        NSData *plistXML = [[NSFileManager defaultManager] contentsAtPath:plistPath];
        NSString *errorDesc = nil;
        NSPropertyListFormat format;
        // convert static property liost into dictionary object
        NSDictionary *temp = (NSDictionary *)[NSPropertyListSerialization propertyListFromData:plistXML mutabilityOption:NSPropertyListMutableContainersAndLeaves format:&format errorDescription:&errorDesc];
        if (!temp) 
        {
            //NSLog(@"Error reading plist: %@, format: %lu", errorDesc, format);
        }
        else
        {
            NSString *nameStr=[temp objectForKey:@"Username"];    

            NSLog(@"nameStr: %@",nameStr);

            // do AES128 decryption
            CryptoHelper *pCrypto = [CryptoHelper sharedInstance];
            usernameString = [pCrypto decryptString:nameStr];
// usernameString becomes empty after when encryption and trying to decrypt.
            NSLog(@"usernameString: %@: usernameString length: %ld", usernameString, [usernameString length] );

        }

        return usernameString;
    }
4

2 に答える 2

1

コードは、Apple の'CryptoExercise' exampleのSecKeyWrapperクラスに基づいています。doCipher メソッドを使用しているときに、同じエラー メッセージが表示されました。

この場合、' -4301 ' は、タイプCCryptorStatusの値を返すCCCryptoFinalの呼び出し後の ccStatus 変数の値です。CommonCryptor.h で次のように定義されています。

enum {
    kCCSuccess          = 0,
    kCCParamError       = -4300,
    kCCBufferTooSmall   = -4301,
    kCCMemoryFailure    = -4302,
    kCCAlignmentError   = -4303,
    kCCDecodeError      = -4304,
    kCCUnimplemented    = -4305
};

CCCryptorFinalのドキュメントが示唆するように、そのサイズはCCCryptorGetOutputLengthを介して決定されるため、どうにかして doCipher メソッドで作成されたバッファが小さすぎます。これは奇妙です。

@result kCCBufferTooSmall indicates insufficent space in the dataOut buffer.
        The caller can use CCCryptorGetOutputLength() to determine the required
        output buffer size in this case. The operation can be retried; no state is
        lost when this is returned.

Apple の例の SecKeyWrapper クラスにはバグがないという予感がします。問題を解決できるかどうか、または iPhone で AES 暗号化を行う別の方法を見つけられるかどうかを確認します。Rob Napier と Mugunth Kumar の著書「iOS 5 プログラミング - 限界に挑む」に説明とサンプル コードがあります。また、著者は、developer.apple.comで入手できる 2 つの WWDC セッションを推奨しています。

  • WWDC 2010、「セッション 204: 安全なアプリケーションの作成」
  • WWDC 2011、「セッション 208: iOS アプリケーションの保護」

編集:

エラーが見つかりました。doCipherメソッド内にあります。次の行を置き換えるだけです。

// We don't want to toss padding on if we don't need to
   if(encryptOrDecrypt == kCCEncrypt)
   {
       if(*pkcs7 != kCCOptionECBMode)
       {
           if((plainTextBufferSize % kCCBlockSizeAES128) == 0)
           {
               *pkcs7 = 0x0000;
           }
           else
           {
               *pkcs7 = kCCOptionPKCS7Padding;
           }
       }
   }
   else if(encryptOrDecrypt != kCCDecrypt)
   {
       LOGGING_FACILITY1( 0, @"Invalid CCOperation parameter [%d] for cipher context.", *pkcs7 );
   }

次の行で:

// check for valid context parameter
if (encryptOrDecrypt != kCCEncrypt && encryptOrDecrypt != kCCDecrypt) {
    LOGGING_FACILITY1( 0, @"Invalid CCOperation parameter [%d] for cipher context.", encryptOrDecrypt );
}

Ortwin が以下で指摘したように、後続の CCCryptorCreate 呼び出しの 3 番目のパラメーターを常に kCCOptionPKCS7Padding に置き換える必要があります。

// Create and Initialize the crypto reference.
ccStatus = CCCryptorCreate( encryptOrDecrypt,
                           kCCAlgorithmAES128,
                           kCCOptionPKCS7Padding,
                           (const void *)[theSymmetricKey bytes],
                           kCCKeySizeAES128,
                           (const void *)iv,
                           &thisEncipher
                           );
于 2012-06-01T13:49:43.007 に答える