将IOS中加密的JSON数据发送到PHP进行解密

我有一个函数，它要求我将一个加密的JSON实例发送到PHP服务器进行验证。我在尝试启动整个流程并运行时遇到了一个问题，为了找出问题所在，我头脑混乱

-(void) sendData:(NSString*)theweb{  
        //preparing sample json        
        NSMutableDictionary * dict = [[NSMutableDictionary alloc]init];
        [dict setObject:@"test" forKey:@"example"];
        [dict setObject:@"1" forKey:@"p"];
        [dict setObject:@"yourPostMessage" forKey:@"test"];
        [dict setObject:@"isNotReal" forKey:@"this"];

        //json creation
        NSData* data2 = [JSONBuilder toJSON:dict];

        NSString * jsonstring = [[NSString alloc]initWithData:data2 encoding:NSUTF8StringEncoding];

        //creating a dummy sha256 hash for aes256 key.
        NSString * string3 = [self sha256HashFor:@"hello"];

        //trimming hash to 32 character key.
        string3 = [string3 substringToIndex:32];

        //encrypting data to aes256
        data2 = [data2 AES256EncryptWithKey:string3];

        NSString * b64= [data2 base64EncodedString];

        NSString *post = [NSString stringWithFormat:@"theRealData=%@",b64];
        NSData *postData = [post dataUsingEncoding:NSUTF8StringEncoding allowLossyConversion:NO];

        requestObj = nil;

        //NSMutableRequest
        requestObj = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:theweb]];

        NSString *postLength =  [NSString stringWithFormat:@"%d", [postData length]];

        [requestObj setValue:@"application/x-www-form-urlencoded;charset=charset=us-ascii" forHTTPHeaderField:@"Content-Type"];

        [requestObj setValue:postLength forHTTPHeaderField:@"Content-Length"];

        [requestObj setHTTPMethod:@"POST"];
        [requestObj setHTTPBody:postData];

        //calling a new NSURLConnection
        conn = nil;
        conn = [NSURLConnection connectionWithRequest:requestObj delegate:self];

        [conn start];        

}

此函数中使用的方法如下：

+(NSData*)toJSON :(NSMutableDictionary*)dictionary
{
    NSError* error = nil;
    id result = [NSJSONSerialization dataWithJSONObject:dictionary options:kNilOptions error:&error];
    if (error != nil) return nil;
    return result;
}

-(NSString*)sha256HashFor:(NSString*)input
{
    const char* str = [input UTF8String];
    unsigned char result[CC_SHA256_DIGEST_LENGTH];
    CC_SHA256(str, strlen(str), result);

    NSMutableString *ret = [NSMutableString stringWithCapacity:CC_SHA256_DIGEST_LENGTH*2];
    for(int i = 0; i<CC_SHA256_DIGEST_LENGTH; i++)
    {
        [ret appendFormat:@"%02x",result[i]];
    }
    return ret;
}

- (NSData *)AES256EncryptWithKey:(NSString *)key {
    // 'key' should be 32 bytes for AES256, will be null-padded otherwise
    char keyPtr[kCCKeySizeAES256+1]; // room for terminator (unused)
    bzero(keyPtr, sizeof(keyPtr)); // fill with zeroes (for padding)

    // fetch key data
    [key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];

    NSUInteger dataLength = [self length];

    //See the doc: For block ciphers, the output size will always be less than or
    //equal to the input size plus the size of one block.
    //That's why we need to add the size of one block here
    size_t bufferSize = dataLength + kCCBlockSizeAES128;
    void *buffer = malloc(bufferSize);

    size_t numBytesEncrypted = 0;
    CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                      keyPtr, kCCKeySizeAES256,
                                      NULL /* initialization vector (optional) */,
                                      [self bytes], dataLength, /* input */
                                      buffer, bufferSize, /* output */
                                      &numBytesEncrypted);
    if (cryptStatus == kCCSuccess) {
    //the returned NSData takes ownership of the buffer and will free it on deallocation
        return [NSData dataWithBytesNoCopy:buffer length:numBytesEncrypted];
    }

    free(buffer); //free the buffer;
    return nil;
    }

以下是我的发现：

Output of Base64 string(Gotten on both sides):
    UalnWmRiMQv8z4mEm+6B3HFSbiDwWcK1LYPhk6jDq+DiwYzvxqoZuDnlJUAjWbX6sQepiL8fb8/JQ0NXhQocglIcJN759AbpVSsbiXmwL78=
Output of vardump on base64_decode on PHP side:
    BOOL(false)
Output of vardump on $result: none

不知何故，我觉得问题在于编码。有人能在这方面指导我吗？我不知所措。

在您的PHP代码中：

$result = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, base64_decode($data), 'ecb');

在您的iOS代码中：

CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                  keyPtr, kCCKeySizeAES256,
                                  NULL /* initialization vector (optional) */,
                                  [self bytes], dataLength, /* input */
                                  buffer, bufferSize, /* output */
                                  &numBytesEncrypted);

需要明确的是，

kCCOptionPKCS7Padding

是CBC模式标志，而不是ECB模式标志

我认为这里有两个bug：

您需要从iOS中下载

urlencode（）

（或等效文件），以防止

+

成为空格字符

您正在加密CBC模式和解密ECB模式。这将给您提供不正确的数据

您需要对算法进行以下更改：

加密

生成一个16字节的随机字符串

将其用作初始化向量（IV）

加密后，计算IV和密文的HMAC-SHA256

在信息中包含IV和HMAC输出

解密

重新计算收到的IV和密文的HMAC-SHA256

使用

hash_equals（）

将其与给定的HMAC进行比较。如果失败，抛出异常

如果步骤2通过，则使用AES-CBC模式解密（给定IV）

---

---

或者，您可能希望切换到或进行加密，并将PHP更新为7.2+，并使用

Na钠*

函数进行解密。

IOS中的AES256和PHP中的Rijndael128-但是为什么？您的

+

字符是否被编码为空格字符（``）？在将数据发送到PHP时，您可能会成为URL编码的受害者。

CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                  keyPtr, kCCKeySizeAES256,
                                  NULL /* initialization vector (optional) */,
                                  [self bytes], dataLength, /* input */
                                  buffer, bufferSize, /* output */
                                  &numBytesEncrypted);