我正在尝试使用AES-GCM。我的加密代码有效,但是当我尝试使用相同的IV和密钥加密相同的纯文本时,我得到了相同的结果。我对GCM代码:AES GCM/CTR相同的输出
EVP_CIPHER_CTX *ctx;
int outlen, tmplen;
unsigned char outbuf[1024];
ctx = EVP_CIPHER_CTX_new();
EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, sizeof(gcm_iv), NULL);
EVP_EncryptInit_ex(ctx, NULL, NULL, gcm_key, gcm_iv);
EVP_EncryptUpdate(ctx, NULL, &outlen, gcm_aad, sizeof(gcm_aad));
EVP_EncryptUpdate(ctx, outbuf, &outlen, gcm_pt, sizeof(gcm_pt));
printf("Ciphertext:\n");
BIO_dump_fp(stdout, outbuf, outlen);
EVP_EncryptFinal_ex(ctx, outbuf, &outlen);
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, outbuf);
printf("\n\n\n");
EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, sizeof(gcm_iv), NULL);
EVP_EncryptInit_ex(ctx, NULL, NULL, gcm_key, gcm_iv);
EVP_EncryptUpdate(ctx, NULL, &outlen, gcm_aad, sizeof(gcm_aad));
EVP_EncryptUpdate(ctx, outbuf2, &outlen2, gcm_pt, sizeof(gcm_pt));
printf("Ciphertext:\n");
BIO_dump_fp(stdout, outbuf2, outlen2);
EVP_EncryptFinal_ex(ctx, outbuf2, &outlen2);
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, outbuf2);
EVP_CIPHER_CTX_free(ctx);
如果第二加密我会删除init_ex,ctx_ctrl等,我的密文将是一个空字符串。
但是,如果我将使用EVP_aes_256_ctr,那么下一次加密将给我新的密文。对于EVP_aes_256_ctr代码:
EVP_CIPHER_CTX *ctx;
int outlen, tmplen;
unsigned char outbuf[1024];
ctx = EVP_CIPHER_CTX_new();
EVP_EncryptInit_ex(ctx, EVP_aes_256_ctr(), NULL, NULL, NULL);
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, sizeof(gcm_iv), NULL);
EVP_EncryptInit_ex(ctx, NULL, NULL, gcm_key, gcm_iv);
EVP_EncryptUpdate(ctx, outbuf, &outlen, gcm_pt, sizeof(gcm_pt));
BIO_dump_fp(stdout, outbuf, outlen);
EVP_EncryptFinal_ex(ctx, outbuf, &outlen);
printf("\n\n\n");
EVP_EncryptUpdate(ctx, outbuf, &outlen, gcm_pt, sizeof(gcm_pt));
printf("Ciphertext:\n");
BIO_dump_fp(stdout, outbuf, outlen);
EVP_EncryptFinal_ex(ctx, outbuf, &outlen);
EVP_CIPHER_CTX_free(ctx);
我的理解这两种模式在计数器模式下工作,所以计数器会做出不同的cyphers为同一IV,重点,明文。那么为什么在GCM模式下密文是一样的呢?
为什么不期望用相同的密钥和IV来加密相同的明文以产生相同的值?你想重复明文作为第二个块吗? – Davislor
是的。我预计数据会重复。正如我理解我的安全不会被破坏密码必须不同 – user2123079