RijndaelManaged 的 AES OFB 加密答案

【问题标题】：AES OFB encryption for RijndaelManagedRijndaelManaged 的 AES OFB 加密
【发布时间】：2014-08-22 07:46:05
【问题描述】：

我需要在 OFB 模式下通过加密消息从 C# 应用程序与另一个应用程序进行通信。我知道RijndaelManaged 不支持AES OFB 模式。有没有比我更有经验的人知道使用 OFB 模式加密/解密的任何其他方式？

【问题讨论】：

你能明确你的平台要求吗？好像有OFB mode implemented in 4.5
请注意，您不需要在标题中提及语言，但您应该使用标签来指明它。否则不会提醒关注这些标签的人。
CipherMode.OFB 对所有框架都有效，我将“其他版本”更改为“.NET Framework 1.1”并列出了 OFB。但是在使用它时，我收到类似于“指定密码模式对此算法无效”的错误，我使用的是 VS 2013，目标框架设置为“.NET Framework 4.5”
对于“AesCryptoServiceProvider”我也得到：“System.Security.Cryptography.CryptographicException”-“发生内部错误。”
另见stackoverflow.com/questions/4252411/does-net-support-of-aes-ofb

标签： c# .net aes rijndaelmanaged

【解决方案1】：

以下流通过使用由零馈 CBC 密码流生成的密钥流来实现 OFB。

public class OFBStream : Stream
{
    private const int BLOCKS = 16;
    private const int EOS = 0; // the goddess of dawn is found at the end of the stream

    private Stream parent;
    private CryptoStream cbcStream;
    private CryptoStreamMode mode;
    private byte[] keyStreamBuffer;
    private int keyStreamBufferOffset;
    private byte[] readWriteBuffer;

    public OFBStream (Stream parent, SymmetricAlgorithm algo, CryptoStreamMode mode)
    {
        if (algo.Mode != CipherMode.CBC)
            algo.Mode = CipherMode.CBC;
        if (algo.Padding != PaddingMode.None)
            algo.Padding = PaddingMode.None;
        this.parent = parent;
        this.cbcStream = new CryptoStream (new ZeroStream (), algo.CreateEncryptor (), CryptoStreamMode.Read);
        this.mode = mode;
        keyStreamBuffer = new byte[algo.BlockSize * BLOCKS];
        readWriteBuffer = new byte[keyStreamBuffer.Length];
    }

    public override int Read (byte[] buffer, int offset, int count)
    {
        if (!CanRead) {
            throw new NotSupportedException ();
        }

        int toRead = Math.Min (count, readWriteBuffer.Length);
        int read = parent.Read (readWriteBuffer, 0, toRead);
        if (read == EOS)
            return EOS;

        for (int i = 0; i < read; i++) {
            // NOTE could be optimized (branches for each byte)
            if (keyStreamBufferOffset % keyStreamBuffer.Length == 0) {
                FillKeyStreamBuffer ();
                keyStreamBufferOffset = 0;
            }

            buffer [offset + i] = (byte)(readWriteBuffer [i]
                ^ keyStreamBuffer [keyStreamBufferOffset++]);
        }

        return read;
    }

    public override void Write (byte[] buffer, int offset, int count)
    {
        if (!CanWrite) {
            throw new NotSupportedException ();
        }

        int readWriteBufferOffset = 0;
        for (int i = 0; i < count; i++) {
            if (keyStreamBufferOffset % keyStreamBuffer.Length == 0) {
                FillKeyStreamBuffer ();
                keyStreamBufferOffset = 0;
            }

            if (readWriteBufferOffset % readWriteBuffer.Length == 0) {
                parent.Write (readWriteBuffer, 0, readWriteBufferOffset);
                readWriteBufferOffset = 0;
            }

            readWriteBuffer [readWriteBufferOffset++] = (byte)(buffer [offset + i]
                ^ keyStreamBuffer [keyStreamBufferOffset++]);
        }

        parent.Write (readWriteBuffer, 0, readWriteBufferOffset);
    }

    private void FillKeyStreamBuffer ()
    {
        int read = cbcStream.Read (keyStreamBuffer, 0, keyStreamBuffer.Length);
        // NOTE undocumented feature
        // only works if keyStreamBuffer.Length % blockSize == 0
        if (read != keyStreamBuffer.Length)
            throw new InvalidOperationException ("Implementation error: could not read all bytes from CBC stream");
    }

    public override bool CanRead {
        get { return mode == CryptoStreamMode.Read; }
    }

    public override bool CanWrite {
        get { return mode == CryptoStreamMode.Write; }
    }

    public override void Flush ()
    {
        // should never have to be flushed, implementation empty
    }

    public override bool CanSeek {
        get { return false; }
    }

    public override long Seek (long offset, System.IO.SeekOrigin origin)
    {
        throw new NotSupportedException ();
    }

    public override long Position {
        get { throw new NotSupportedException (); }
        set { throw new NotSupportedException (); }
    }

    public override long Length {
        get { throw new NotSupportedException (); }
    }

    public override void SetLength (long value)
    {
        throw new NotSupportedException ();
    }

}

OFBStream 需要的附加类 ZeroStream

class ZeroStream : System.IO.Stream
{
    public override int Read (byte[] buffer, int offset, int count)
    {
        for (int i = 0; i < count; i++) {
            buffer [offset + i] = 0;
        }

        return count;
    }

    public override bool CanRead {
        get { return true; }
    }

    ... the rest is not implemented
}

您可以像我对测试向量一样使用它：

// NIST CAVP test vector F.4.1: OFB-AES128.Encrypt from NIST SP 800-38A

RijndaelManaged aes = new RijndaelManaged ();
aes.Key = FromHex ("2b7e151628aed2a6abf7158809cf4f3c");
aes.IV = FromHex ("000102030405060708090A0B0C0D0E0F");
MemoryStream testVectorStream = new MemoryStream (FromHex (
    "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710"));
OFBStream testOFBStream = new OFBStream (testVectorStream, aes, CryptoStreamMode.Read);
MemoryStream cipherTextStream = new MemoryStream ();
testOFBStream.CopyTo (cipherTextStream);
Console.WriteLine (ToHex (cipherTextStream.ToArray ()));

请注意，流处理尚未经过全面测试。

【讨论】：

欢迎任何关于我的 C# 技能的 cmet。这不是我的主要语言。请注意，并非所有参数在使用前都经过全面测试。
感谢您的工作，您介意提供一些有关如何使用这个新类的代码吗？如何调用它，传递 Key、IV 和明文，在我的情况下，所有这些都是 byte[]。
你在这方面相处得如何？如果你需要一个 ToHex/FromHex 实现，它是从here 偷来的并重命名。
几天以来，我的代码已经非常接近解决方案（我尝试实现自己的方式），现在我注意到 0 的字节 [] 太短，我发送它是 3 个字节，因为这是我计划加密的文本的长度。我发送了 16 个字节的 0，现在一切正常。非常感谢您的帮助。
是的，这就是加密的问题。如果它不起作用，它通常只会产生垃圾。请注意，NIST 测试向量还包含密钥流（中间）信息。查找官方文档/测试向量永远不会受到伤害。很高兴能提供帮助，实现这一点很有趣。