Delphi (FMX): DCPCrypt2 in Windows produces different result in Android/IOS

雨燕双飞 提交于 2019-12-08 02:34:14

问题


I am trying to write a function that returns the same result in Delphi (RAD Studio 10.2) as the following piece of code in PHP:

<?php
  $method = 'AES-256-CTR';
  $data = 'Hello, world!';
  $key = 'bRuD5WYw5wd0rdHR9yLlM6wt2vteuini';
  $vector = 'bf49ea9d61104d8c'; 
  $crypt = openssl_encrypt($data, $method, $key, 0, $vector);
  echo $crypt;
?>

I have come up with this function in Pascal (using the DCPcrypt v2.1 library written by David Barton):

procedure TMainForm.Encrypt1ButtonClick(Sender: TObject);
var
  Cipher: TDCP_rijndael;
  Key, Vector: RawByteString;
  Data, Crypt: RawByteString;
begin
  Data := 'Hello, world!';                    
  SetLength(Crypt, Length(Data));
  Key := 'bRuD5WYw5wd0rdHR9yLlM6wt2vteuini';  
  Vector := 'bf49ea9d61104d8c';               
  Cipher := TDCP_rijndael.Create(nil);
  try
    Cipher.Init(Key[1], 256, @Vector[1]);
    Cipher.EncryptCTR(Data[1], Crypt[1], Length(Data));
  finally
    Cipher.Free;
  end;
  EncryptEdit.Text := DCPBase64.Base64EncodeStr(Crypt);
end;

And indeed this works (in Windows). Both PHP and Pascal return: pEP16OOxov9QDfraIg==

However, if I compile the same code for Android and run it on my tablet, I get a very different result. Why is that?

I did read the documentation about converting code for fmx, specifically the stuff that deals with string handling, but I still don't understand why. Even if RawByteString would be 0-based instead of 1-based, I still get a difference (tried with [0] instead of [1]). A RawByteString does not have a codepage attached, right? So the problem can't be caused by some string conversion (I think). So what is going on here?


回答1:


After working on this for 3 days, I finally got it working. The key was to completely eliminate the use of strings and only use the TBytes based routines in DCPCrypt. The code below is a test program for testing all the different chaining modes that DCPCrypt supports. I also added a function that implements the four padding modes I found here (for use with CBC and ECB): https://en.wikipedia.org/wiki/Padding_(cryptography) as well as zero padding and random padding. I chose not to use DCPCrypt's own Base64 functions, because they turned out not to be compatible with FMX. Instead I use their counterparts from the System.NetEncoding unit. Please, I consider myself to be just an average programmer, so I expect the true Delphi wizzards among you to find lots to criticize. But that's ok. I will adapt the code if good feedback is given. As it is now, the code works and produces results that are compatible with PHP's openssl functions (tested with CTR mode). I only post this here in the hopes that it might be useful to someone looking for the same solution I was.

    unit MainUnit;

    interface

    uses
      System.SysUtils, System.Types, System.UITypes, System.Classes, System.Variants, System.NetEncoding,
      FMX.Types, FMX.Controls, FMX.Forms, FMX.Graphics, FMX.Dialogs, FMX.StdCtrls, FMX.Layouts,
      FMX.ScrollBox, FMX.Memo, FMX.Edit, FMX.Controls.Presentation,
      DCPcrypt2, DCPsha256, DCPblockciphers, DCPrijndael;

    type
      TChainingMode = (cmCBC, cmCFB8bit, cmCFBblock, cmOFB, cmCTR, cmECB);
      TPaddingMode = (pmZeroPadding, pmANSIX923, pmISO10126, pmISO7816, pmPKCS7, pmRandomPadding);

    type
      TMainForm = class(TForm)
        ScrollBox: TScrollBox;
        KeySizeLabel: TLabel;
        ChainingLabel: TLabel;
        EncodingLabel: TLabel;
        PaddingLabel: TLabel;
        KeyLabel: TLabel;
        InitVectorLabel: TLabel;
        DataLabel: TLabel;
        DecryptedLabel: TLabel;
        CipherLabel: TLabel;
        EncryptedLabel: TLabel;
        rbRijndael: TRadioButton;
        rb128bit: TRadioButton;
        rb256bit: TRadioButton;
        rbANSI: TRadioButton;
        rbUTF8: TRadioButton;
        rbUnicode: TRadioButton;
        rbCBC: TRadioButton;
        rbOFB: TRadioButton;
        rbCTR: TRadioButton;
        rbECB: TRadioButton;
        rbCFB8bit: TRadioButton;
        rbCFBblock: TRadioButton;
        rbZeroPadding: TRadioButton;
        rbANSIX923: TRadioButton;
        rbISO10126: TRadioButton;
        rbISO7816: TRadioButton;
        rbPKCS7: TRadioButton;
        rbRandomPadding: TRadioButton;
        KeyEdit: TEdit;
        InitVectorEdit: TEdit;
        DataMemo: TMemo;
        EncryptedMemo: TMemo;
        DecryptedMemo: TMemo;
        EncryptButton: TButton;
        DecryptButton: TButton;
        procedure FormCreate(Sender: TObject);
        procedure EncryptButtonClick(Sender: TObject);
        procedure DecryptButtonClick(Sender: TObject);
      public
        procedure GetOptions(var Key: TBytes; var KeySize: integer; var InitVector: TBytes;
                  var Encoding: TEncoding; var ChainingMode: TChainingMode; var PaddingMode: TPaddingMode);
      end;

    var
      MainForm: TMainForm;

    implementation

    {$R *.fmx}
    {$R *.LgXhdpiPh.fmx ANDROID}

    function BytesToHex(B: TBytes): string;
    var
      I: integer;
    begin
      Result := '';
      for I := Low(B) to High(B) do Result := Result + IntToHex(B[I]) + ' ';
    end;

    procedure BytePadding(var Data: TBytes; BlockSize: integer; PaddingMode: TPaddingMode);
    // Supports: ANSI X.923, ISO 10126, ISO 7816, PKCS7, zero padding and random padding
    var
      I, DataBlocks, DataLength, PaddingStart, PaddingCount: integer;
    begin
      BlockSize := BlockSize div 8; // convert bits to bytes
      // Zero and Random padding do not use end-markers, so if Length(Data) is a multiple of BlockSize, no padding is needed
      if PaddingMode in [pmZeroPadding, pmRandomPadding] then
        if Length(Data) mod BlockSize = 0 then Exit;
      DataBlocks := (Length(Data) div BlockSize) + 1;
      DataLength := DataBlocks * BlockSize;
      PaddingCount := DataLength - Length(Data);
      // ANSIX923, ISO10126 and PKCS7 store the padding length in a 1 byte end-marker, so any padding length > $FF is not supported
      if PaddingMode in [pmANSIX923, pmISO10126, pmPKCS7] then
        if PaddingCount > $FF then Exit;
      PaddingStart := Length(Data);
      SetLength(Data, DataLength);
      case PaddingMode of
        pmZeroPadding, pmANSIX923, pmISO7816: // fill with $00 bytes
          FillChar(Data[PaddingStart], PaddingCount, 0);
        pmPKCS7: // fill with PaddingCount bytes
          FillChar(Data[PaddingStart], PaddingCount, PaddingCount);
        pmRandomPadding, pmISO10126: // fill with random bytes
          for I := PaddingStart to DataLength-1 do Data[I] := Random($FF);
      end;
      case PaddingMode of
        pmANSIX923, pmISO10126:
          Data[DataLength-1] := PaddingCount; // set end-marker with number of bytes added
        pmISO7816:
          Data[PaddingStart] := $80; // set fixed end-markder $80
      end;
    end;

    procedure EncryptAES(const Data: TBytes; var Crypt: TBytes; const Key: TBytes; KeySize: integer;
        const InitVector: TBytes; ChainingMode: TChainingMode; PaddingMode: TPaddingMode); overload;
    var
      Cipher: TDCP_rijndael;
    begin
      Cipher := TDCP_rijndael.Create(nil);
      try
        Cipher.Init(Key[0], KeySize, @InitVector[0]);
        // Copy Data => Crypt
        Crypt := Copy(Data, 0, Length(Data));
        // Padd Crypt to required length (for Block based algorithms)
        if ChainingMode in [cmCBC, cmECB] then
          BytePadding(Crypt, Cipher.BlockSize, PaddingMode);
        // Encrypt Crypt using the algorithm specified in ChainingMode
        case ChainingMode of
          cmCBC: Cipher.EncryptCBC(Crypt[0], Crypt[0], Length(Crypt));
          cmCFB8bit: Cipher.EncryptCFB8bit(Crypt[0], Crypt[0], Length(Crypt));
          cmCFBblock: Cipher.EncryptCFBblock(Crypt[0], Crypt[0], Length(Crypt));
          cmOFB: Cipher.EncryptOFB(Crypt[0], Crypt[0], Length(Crypt));
          cmCTR: Cipher.EncryptCTR(Crypt[0], Crypt[0], Length(Crypt));
          cmECB: Cipher.EncryptECB(Crypt[0], Crypt[0]);
        end;

      finally
        Cipher.Free;
      end;
    end;

    procedure DecryptAES(const Crypt: TBytes; var Data: TBytes; const Key: TBytes; KeySize: integer;
        const InitVector: TBytes; ChainingMode: TChainingMode; PaddingMode: TPaddingMode); overload;
    var
      Cipher: TDCP_rijndael;
      I: integer;
    begin
      Cipher := TDCP_rijndael.Create(nil);
      try
        Cipher.Init(Key[0], KeySize, @InitVector[0]);
        // Copy Crypt => Data
        Data := Copy(Crypt, 0, Length(Crypt));
        // Decrypt Data using the algorithm specified in ChainingMode
        case ChainingMode of
          cmCBC: Cipher.DecryptCBC(Data[0], Data[0], Length(Data));
          cmCFB8bit: Cipher.DecryptCFB8bit(Data[0], Data[0], Length(Data));
          cmCFBblock: Cipher.DecryptCFBblock(Data[0], Data[0], Length(Data));
          cmOFB: Cipher.DecryptOFB(Data[0], Data[0], Length(Data));
          cmCTR: Cipher.DecryptCTR(Data[0], Data[0], Length(Data));
          cmECB: Cipher.DecryptECB(Data[0], Data[0]);
        end;
        // Correct the length of Data, based on the used PaddingMode (only for Block based algorithms)
        if ChainingMode in [cmCBC, cmECB] then
          case PaddingMode of
            pmANSIX923, pmISO10126, pmPKCS7: // these modes store the original Padding count in the last byte
              SetLength(Data, Length(Data) - Data[Length(Data)-1]);
            pmISO7816: // this mode uses a fixed end-marker. Find it and correct length accordingly.
              for I := Length(Data)-1 downto 0 do
                if Data[I] = $80 then
                begin
                  SetLength(Data, I);
                  Break;
                end;
          end;

      finally
        Cipher.Free;
      end;
    end;

    procedure TMainForm.FormCreate(Sender: TObject);
    begin
      EncryptedMemo.Lines.Clear;
      DecryptedMemo.Lines.Clear;
    end;

    procedure TMainForm.GetOptions(var Key: TBytes; var KeySize: integer; var InitVector: TBytes;
              var Encoding: TEncoding; var ChainingMode: TChainingMode; var PaddingMode: TPaddingMode);
    begin
      KeySize := 256;
      Encoding := TEncoding.ANSI;
      ChainingMode := cmCBC;
      PaddingMode := pmPKCS7;

      if rb128bit.IsChecked then KeySize := 128;
      if rb256bit.IsChecked then KeySize := 256;

      if rbCBC.IsChecked then ChainingMode := cmCBC;
      if rbCFB8bit.IsChecked then ChainingMode := cmCFB8bit;
      if rbCFBblock.IsChecked then ChainingMode := cmCFBblock;
      if rbOFB.IsChecked then ChainingMode := cmOFB;
      if rbCTR.IsChecked then ChainingMode := cmCTR;
      if rbECB.IsChecked then ChainingMode := cmECB;

      if rbZeroPadding.IsChecked then PaddingMode := pmZeroPadding;
      if rbANSIX923.IsChecked then PaddingMode := pmANSIX923;
      if rbISO10126.IsChecked then PaddingMode := pmISO10126;
      if rbISO7816.IsChecked then PaddingMode := pmISO7816;
      if rbPKCS7.IsChecked then PaddingMode := pmPKCS7;
      if rbRandomPadding.IsChecked then PaddingMode := pmRandomPadding;

      if rbANSI.IsChecked then Encoding := TEncoding.ANSI;
      if rbUTF8.IsChecked then Encoding := TEncoding.UTF8;
      if rbUnicode.IsChecked then Encoding := TEncoding.Unicode;

      Key := Encoding.GetBytes(KeyEdit.Text);
      InitVector := Encoding.GetBytes(InitVectorEdit.Text);
    end;

    procedure TMainForm.EncryptButtonClick(Sender: TObject);
    var
      Keysize: integer;
      Encoding: TEncoding;
      ChainingMode: TChainingMode;
      PaddingMode: TPaddingMode;
      Key, InitVector, Data, Crypt: TBytes;
    begin
      GetOptions(Key, KeySize, InitVector, Encoding, ChainingMode, PaddingMode);
      Data := Encoding.GetBytes(DataMemo.Text);
      EncryptAES(Data, Crypt, Key, KeySize, InitVector, ChainingMode, PaddingMode);
      EncryptedMemo.Text := TNetEncoding.Base64.EncodeBytesToString(Crypt);
    end;

    procedure TMainForm.DecryptButtonClick(Sender: TObject);
    var
      Keysize: integer;
      Encoding: TEncoding;
      ChainingMode: TChainingMode;
      PaddingMode: TPaddingMode;
      Key, InitVector, Data, Crypt: TBytes;
    begin
      GetOptions(Key, KeySize, InitVector, Encoding, ChainingMode, PaddingMode);
      Crypt := TNetEncoding.Base64.DecodeStringToBytes(EncryptedMemo.Text);
      DecryptAES(Crypt, Data, Key, KeySize, InitVector, ChainingMode, PaddingMode);
      DecryptedMemo.Text := Encoding.GetString(Data);
    end;

    end.



回答2:


Android strings start from position 0. You can use low(Data) that will return the first character of string, also the library internally uses string from position 1, that won't run in android or ios. For multi-platform we shouldn't use for i:=1 to length(string) instead we should use for l in string

I think LockBox3 should solve your problem.



来源:https://stackoverflow.com/questions/43523262/delphi-fmx-dcpcrypt2-in-windows-produces-different-result-in-android-ios

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!