【问题标题】:SIGSEGV error when using AES_ctr128_encrypt for sockets对套接字使用 AES_ctr128_encrypt 时出现 SIGSEGV 错误
【发布时间】:2016-01-22 08:26:14
【问题描述】:

当我尝试使用 AES_ctr128_encrypt 加密文件数据时,我收到 SIGBUS 错误。在这里,我使用read() 函数每次将数据从文件中读取到bufptr[32k] 32k 块中。对于每个块,我只想使用AES_ctr128_encrypt(bufptr+200, outdata, bytes_encrypt, &key, state.ivec, state.ecount, &state.num); 加密数据的一部分,只加密所需的数据并再次将其发送到服务器,然后再次解密并添加到缓冲区。有人可以帮我解决这个问题吗?提前致谢。

第一个客户端能够将文件大小发送到服务器,当它到达 AES_ctr128_encrypt() 时,我得到 分段错误(核心转储),gdb 说它是一个 SIGSEGV .

我的头文件

#include <stdio.h>
#include <errno.h>
#include <unistd.h>
#include <malloc.h>
#include <string.h>
#include <sys/socket.h>
#include <resolv.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/sendfile.h>
#include <pthread.h>
#include <sys/syscall.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <sys/time.h>
#include <openssl/aes.h>
#include <openssl/rand.h>
#include <openssl/modes.h>
#include <openssl/crypto.h>
#define FAIL    -1
#define SEGMENT_SIZE 32768
#define j 10
#define OUT1 AES_BLOCK_SIZE
#define BYTES_ENCRYPT AES_BLOCK_SIZE

我的客户程序

#include "headers.h"
#define FILE "/tmp/book"

struct ctr_state {
    unsigned char ivec[AES_BLOCK_SIZE];
    unsigned int num;
    unsigned char ecount[AES_BLOCK_SIZE];
};

int init_ctr(struct ctr_state *state, const unsigned char iv[8])
{
    /* aes_ctr128_encrypt requires 'num' and 'ecount' set to zero on the
     * first call. */
    state->num = 0;
    memset(state->ecount, 0, 16);

    /* Initialise counter in 'ivec' to 0 */
    memset(state->ivec + 16, 0, 16);

    /* Copy IV into 'ivec' */
    memcpy(state->ivec, iv, 16);
}

int main(int argc, char* argv[])
{
size_t count;   
AES_KEY key;
unsigned char ckey[] =  "/home/nandan/aes.key"; 
unsigned char iv[AES_BLOCK_SIZE];
struct ctr_state state;   

// validate proper usage
if (argc != 3)
{
    fprintf(stderr, "Usage: %s <serverIP> <serverPort>\n", argv[0]);
    exit(-1);
}

// store the command line arguments 
char *server_ip = argv[1];
int server_port = htons(atoi(argv[2]));
// stores address of remote server to connect
struct sockaddr_in server_addr;
int fd, option;

fd = socket(AF_INET, SOCK_STREAM, 0);
if (fd == -1)
{
    fprintf(stderr, "Error creating socket\n");
    exit(-1);
}

memset(&server_addr, 0, sizeof(server_addr));

server_addr.sin_family = AF_INET;
server_addr.sin_addr.s_addr = inet_addr(server_ip);
server_addr.sin_port = server_port;

if (connect(fd, (struct sockaddr *)&server_addr, sizeof(server_addr)) == -1)
{
    fprintf(stderr, "Error connecting to server\n");
    exit(-1);
}

struct stat stats;
stat("/tmp/book", &stats);
int size = stats.st_size;
// send size of file to the client
send(fd, &size, sizeof(int),0);
printf("Written \n");
unsigned char outdata[OUT1];
in = open (FILE, O_RDONLY);
to_read = size;
char *bufptr = malloc(SEGMENT_SIZE);
  do
  {
   n = read (in, bufptr, SEGMENT_SIZE);
   if(n < 0)
   {  
    perror("Read Error:");
   }
   init_ctr(&state, iv);
   AES_ctr128_encrypt(bufptr+200, outdata, BYTES_ENCRYPT, &key, state.ivec, state.ecount, &state.num);
   memcpy(bufptr+200,outdata,BYTES_ENCRYPT);
   sending = send(fd, bufptr, n,0);
   to_read = to_read-n;
   } while (to_read != 0);  
close(fd);
}

我的服务器程序

#include "headers.h"
struct ctr_state {
    unsigned char ivec[16]; 
    unsigned int num;
    unsigned char ecount[16];
};
int init_ctr(struct ctr_state *state, const unsigned char iv[8])
{
    /* aes_ctr128_encrypt requires 'num' and 'ecount' set to zero on the
     * first call. */
    state->num = 0;
    memset(state->ecount, 0, 16);

    /* Initialise counter in 'ivec' to 0 */
    memset(state->ivec + 8, 0, 8);

    /* Copy IV into 'ivec' */
    memcpy(state->ivec, iv, 8);
}

int main(int argc, char* argv[])
{

size_t count;    
AES_KEY key;   
unsigned char ckey[] =  "/home/nandan/aes.key";
unsigned char iv[AES_BLOCK_SIZE];
struct ctr_state state;   
// validate proper usage
if (argc != 4)
{
    fprintf(stderr, "Usage %s <serverBindIP> <serverBindPort> <CredentialsFilePath>\n", argv[0]);
    exit(-1);
}

int server;
char* ip = argv[1];
int port = htons(atoi(argv[2]));
char* passwd_file = argv[3];
struct sockaddr_in server_addr, client_addr;
clock_t start, end;
double cpu_time_used, timer = 0;
int server_fd, client_fd, result;
socklen_t length;

// Create an internet domain TCP socket
server_fd = socket(AF_INET, SOCK_STREAM, 0);
if (server_fd == -1)
{
    fprintf(stderr, "Unable to create socket\n");
    exit(-1);
}

server_addr.sin_family = AF_INET;
server_addr.sin_port = port;
server_addr.sin_addr.s_addr = inet_addr(ip);

// bind socket to an network interface
result = bind(server_fd, (struct sockaddr*) &server_addr, sizeof(server_addr));
if (result == -1)
{
    fprintf(stderr, "Unable to bind socket\n");
    exit(-1);
}

// mark the socket used for incoming requests
listen(server_fd, 5);

// accept an incoming connection
printf("Waiting for incoming connection\n");
length = sizeof(client_addr);
client_fd = accept(server_fd, (struct sockaddr*) &client_addr, &length);/* accept connection as usual */
if (client_fd == -1)
{
fprintf(stderr, "Unable to accept peer connection\n");
exit(-1);
}  
printf("Connection: %s:%d\n",inet_ntoa(client_addr.sin_addr), ntohs(client_addr.sin_port));
  int tmp = 0,i,size = 0;  // read file size first
  unsigned char outdata[OUT1]; 
  recv(client_fd, &size, sizeof(int),0);
  printf("%d \n", size);
  int bytes_read = 0;
  int to_read = size;
  printf("%d \n", size);
  FILE* out = fopen("/tmp/x1.pdf", "wb");
  char *buffer = malloc(SEGMENT_SIZE);
   do 
   {
     bytes_read = recv(client_fd, buffer, sizeof(buffer),0);
     init_ctr(&state, iv);
     AES_ctr128_encrypt(buffer+200, outdata, BYTES_ENCRYPT, &key, state.ivec, state.ecount, &state.num);
     memcpy(buffer+200, outdata, BYTES_ENCRYPT);
     tmp = tmp + bytes_read;
    // save content to disk
     fwrite(buffer, 1, bytes_read, out);
   } while (tmp != size);
close(client_fd);         /* close socket */
return 0;
}

edit1:我不想加密所有数据,我只想加密每个块中的部分数据,看看它有多有用。

【问题讨论】:

  • 谁在崩溃?服务器?客户?
  • 在服务器中bytes_read = recv(client_fd, buffer, sizeof(buffer),0); 应该是bytes_read = recv(client_fd, buffer, sizeof(SEGMENT_SIZE),0);sizeof(buffer) 是指针的大小...
  • @Jean-BaptisteYunès 我的客户崩溃了......它是第一个发送数据的人。和sizeof(SEGMENT_SIZE) 我更新了它。
  • GDB 通常不仅会说明它是哪个信号,还会说明它发生在程序中的哪里。尤其是当您使用-ggdb 编译时。

标签: c sockets encryption openssl


【解决方案1】:

由于不同的原因,您的代码不好:

  • 不要在函数内部定义结构
  • 不要使用本地函数(标准禁止),init_ctr
  • 在客户端中,您发送了size 变量,但尚未声明它
  • 在您使用sizeof(buffer) 代替SEGMENT_SIZE 的服务器中
  • 对#defined 值使用大写的标识符,bytes-encrypt
  • 将 ivec 和 ecount 定义为长度为 AES_BLOCK_SIZE,不要使用 16
  • 直接发送outdata,不要复制回你读入的缓冲区
  • 为什么你只加密从bufptr+200开始的16个字节?
  • ...

我可以建议你用更干净的方式重写你的代码,这样更容易找到你的问题吗?

【讨论】:

  • 感谢您的建议,我刚刚将代码修改为您的建议,我收到了SIGSEGV..知道该怎么做..
  • 是的,使用调试器找出问题所在。您的内存管理存在严重问题...
  • 这是我的调试器所说的Program received signal SIGSEGV, Segmentation fault. 0x00007ffff7a7a9e0 in ?? () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
猜你喜欢
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
  • 2023-03-08
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
相关资源
最近更新 更多