drfrvbq736383 2013-05-10 19:27
浏览 271
已采纳

使用PHP解密AES CTR Little Endian

I'm having trouble using PHP to decrypt strings that were encrypted with iOS 5.x's CommonCrypto libraries. Here are the parameters:

Algorithm: AES-128
Mode: CTR
Mode options: CTR Little-Endian
Padding: None

Here's a sample of my best attempt at it:

<?php
$encrypted = base64_decode('MlNFlnXE1sqIsmKZRtjChBvUMgiJlXgdjHVxQJ6JK24Id4uaN9NK/nBtY+cgrMJR/PRJRCmIUx0boQO5XqJYZ8VJ0w==');
$key = base64_decode('HB+dD1Irj2rXQ/nO+IuqSiK9xVE3PD9cZGIGzrMtwtA=');
$iv = base64_decode('2gxxKYU/G4lj7174e5wj+g==');

$cryptor = mcrypt_module_open('rijndael-128', '', 'ctr', '');
mcrypt_generic_init($cryptor, $key, $iv);
echo mdecrypt_generic($cryptor, $encrypted);

mcrypt_generic_deinit($cryptor);
mcrypt_module_close($cryptor);

The output looks like this:

Lorem ipsum dolo?N??]ѕȢ?+?
                                             ????x??k????}??'???Ŧ??;t

But it should be "Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do..." (trailing ellipsis included.)

The block size is 16, and it's getting the first 16 characters right. This seems to point to a mismatch in the AES CTR counter-incrementing process between Mcrypt and CommonCrypto. Everybody I've heard from so far has suggested it's an issue of Big Endian vs. Little Endian.

I've spent days trying to figure out all this endianness and counter-incrementing stuff on my own, but it's still voodoo to me. :-( I just need some PHP code that properly decrypts my string. I don't care how fast the algorithm works. I'm open to ditching Mcrypt in favor of a PHP-native solution or some other PHP extension, as long as it's a common one. However, changing things on the iOS side is not an option.

Please help!

  • 写回答

2条回答 默认 最新

  • douxie9471 2013-05-18 10:40
    关注

    Block cipher modes are really simple, you can just implement them yourself if two implementations aren't compatible.

    Here is a CTR implementation for your particular case:

    function ctr_crypt($str, $key, $iv) {
    $numOfBlocks = ceil(strlen($str) / 16);

    $ctrStr = '';
    for ($i = 0; $i < $numOfBlocks; ++$i) {
        $ctrStr .= $iv;

        // increment IV
        for ($j = 0; $j < 16; ++$j) {
            $n = ord($iv[$j]);
            if (++$n == 0x100) {
                // overflow, set this one to 0, increment next
                $iv[$j] = "\0";
            } else {
                // no overflow, just write incremented number back and abort
                $iv[$j] = chr($n);
                break;
            }
        }
    }

    return $str ^ mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $ctrStr, MCRYPT_MODE_ECB);
}

    The algorithm is very simple: You always append and increment the IV until you have a string that is longer (or of equal length) as the input string. Then you encrypt this string using ECB mode and XOR it with the input string.

    The incrementation is the complicated part here, because we are dealing with a number in binary. Little Endian means we increment from left to right (j = 0, j < 16, j++). Big Endian would mean that we increment from right to left (j = 15, j >= 0, j--).

    Try it out:

    $encrypted = base64_decode('MlNFlnXE1sqIsmKZRtjChBvUMgiJlXgdjHVxQJ6JK24Id4uaN9NK/nBtY+cgrMJR/PRJRCmIUx0boQO5XqJYZ8VJ0w==');
$key = base64_decode('HB+dD1Irj2rXQ/nO+IuqSiK9xVE3PD9cZGIGzrMtwtA=');
$iv = base64_decode('2gxxKYU/G4lj7174e5wj+g==');

var_dump(ctr_crypt($encrypted, $key, $iv));
// string(67) "Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do..."

    Note: ctr_crypt works both as an encryption and as a decryption function.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥20 我要一个分身加定位两个功能的安卓app
  • ¥15 基于FOC驱动器,如何实现卡丁车下坡无阻力的遛坡的效果
  • ¥15 IAR程序莫名变量多重定义
  • ¥15 (标签-UDP|关键词-client)
  • ¥15 关于库卡officelite无法与虚拟机通讯的问题
  • ¥15 目标检测项目无法读取视频
  • ¥15 GEO datasets中基因芯片数据仅仅提供了normalized signal如何进行差异分析
  • ¥100 求采集电商背景音乐的方法
  • ¥15 数学建模竞赛求指导帮助
  • ¥15 STM32控制MAX7219问题求解答