HMAC不匹配错误使用PHP解密器的RNCryptor

Question

我有一个加密的NSData变量已在Base64中编码在Objective-C中，并通过POST传递给PHP脚本。我试图解密这个字符串，但不断收到一个HMAC不匹配错误。这是我的PHP代码：

// back to binary 
$bin_data = mb_convert_encoding($username_encrypted, "UTF-8", "BASE64"); 
// extract salt 
$salt = substr($bin_data, 2, 8); 
// extract HMAC salt 
$hmac_salt = substr($bin_data, 10, 8); 
// extract IV 
$iv = substr($bin_data, 18, 16); 
// extract data 
$data = substr($bin_data, 34, strlen($bin_data) - 34 - 32); 
// extract HMAC 
$hmac = substr($bin_data, strlen($bin_data) - 32); 

// make HMAC key 
$hmac_key = pbkdf2('SHA1', $password, $hmac_salt, 10000, 32, true); 
// make HMAC hash 
$hmac_hash = hash_hmac('sha256', $data, $hmac_key, true); 
// check if HMAC hash matches HMAC 
if($hmac_hash != $hmac) 
    exit("Error HMAC mismatch"); 

// make data key 
$key = pbkdf2('SHA1', $password, $salt, 10000, 32, true); 
// decrypt 
$ret = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $data, MCRYPT_MODE_CBC, $iv); 
echo trim(preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x80-\xFF]/u', '', $ret)); 

function pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output = false) 
{ 
    $algorithm = strtolower($algorithm); 
    if(!in_array($algorithm, hash_algos(), true)) 
     die('PBKDF2 ERROR: Invalid hash algorithm.'); 
    if($count <= 0 || $key_length <= 0) 
     die('PBKDF2 ERROR: Invalid parameters.'); 

    $hash_length = strlen(hash($algorithm, "", true)); 
    $block_count = ceil($key_length/$hash_length); 

    $output = ""; 
    for($i = 1; $i <= $block_count; $i++) { 
     // $i encoded as 4 bytes, big endian. 
     $last = $salt . pack("N", $i); 
     // first iteration 
     $last = $xorsum = hash_hmac($algorithm, $last, $password, true); 
     // perform the other $count - 1 iterations 
     for ($j = 1; $j < $count; $j++) { 
      $xorsum ^= ($last = hash_hmac($algorithm, $last, $password, true)); 
     } 
     $output .= $xorsum; 
    } 

    if($raw_output) 
     return substr($output, 0, $key_length); 
    else 
     return bin2hex(substr($output, 0, $key_length)); 
} 

，这是我的iOS代码：

NSData *plain_data = [plain_string dataUsingEncoding:NSUTF8StringEncoding]; 
NSError *error_encryption = nil; 
NSData *encrypted_data = [RNOpenSSLEncryptor encryptData:plain_data 
              withSettings:kRNCryptorAES256Settings 
               password:key 
                error:&error_encryption]; 

NSString *test_variable = [encrypted_data base64Encoding]; 

任何想法有什么不好？

Answer 1

这个问题是固定按照这个帖子：Base64 issue in NSMutableURLRequest POST message?

从本质上讲，+的正由PHP转换为空格。另外，我使用了他的例子中的PHP decrypt2()函数，而不是我的例子。 （我已经包含以下代码以供参考。）

function decrypt2($b64_data,$password) 
{ 
      // back to binary 
      //$bin_data = mb_convert_encoding($b64_data, "UTF-8", "BASE64"); 
      $bin_data = base64_decode($b64_data); 
      // extract salt 
      $salt = substr($bin_data, 2, 8); 
      // extract HMAC salt 
      $hmac_salt = substr($bin_data, 10, 8); 
      // extract IV 
      $iv = substr($bin_data, 18, 16); 
      // extract data 
      $data = substr($bin_data, 34, strlen($bin_data) - 34 - 32); 
      $dataWithoutHMAC = chr(2).chr(1).$salt.$hmac_salt.$iv.$data; 
      // extract HMAC 
      $hmac = substr($bin_data, strlen($bin_data) - 32); 
      // make HMAC key 
      $hmac_key = pbkdf2('SHA1', $password, $hmac_salt, 10000, 32, true); 
      // make HMAC hash 
      $hmac_hash = hash_hmac('sha256', $dataWithoutHMAC , $hmac_key, true); 
      // check if HMAC hash matches HMAC 
      if($hmac_hash != $hmac) { 
       echo "HMAC mismatch".$nl.$nl.$nl; 
       // return false; 
      } 
      // make data key 
      $key = pbkdf2('SHA1', $password, $salt, 10000, 32, true); 
      // decrypt 
      $ret = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $data, MCRYPT_MODE_CBC, $iv);  
      return $ret; 
} 
$passkey = "123456";