Jump to content

Test result and questions about AES UDF


 Share

Recommended Posts

Hi

I tried to use the AES.au3 UDF library and encountered several problems.

My context is quite specific:

Our system team use autoit to write registry key containing dbuser and password

in AES-encrypted value in HEXAdecimal form.

My Java application has then to read that value and extract the user/password couple.

I read AES algorythms and operation modes specifications

fips-197.pdf at http://csrc.nist.gov/publications/PubsFIPS.html

sp800-38a.pdf http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html

Java Cryptography implementation is far less permissive than autoit AES lib, in the

following way:

- key size must be exacty 16, 24, or 32 byte long, as required by AES:

no guessing as found in "_AesPrepareKey"

- encrypted message length must be a multiple of 16 bytes (AES block size)

If I use a message in autoit that is not 16*N byte long, I get an Cipher Exception

when decoding using Java: "javax.crypto.IllegalBlockSizeException: Input length not multiple of 16 bytes"

To have it work I needed to padright() the input data with SPACEs.

Documentation on autoit AES is sparse.

Being quite new to crypto, and autoit also, I had to dig my way threw the "AES.au3" source to find

the location of the "I.V." in the encrypted result.

Also, I found out your CBC implementation is "AES/CBC/NoPadding"

(I only tested CBC, so I cannot tell for other operation mode).

Does your implementation support "AES/CBC/PKCS5Padding" ?

Two thing that I still do not understand:

- In _AESEncrypt(): "If BinaryLen($Data) < 16 Then Return $IV & $Ret"

Could you direct me to the specification section requiring this.

- Whatever the length of the input data, it seems to me that the encrypted result

should be 16*n byte long. I notice output is same length than input, and I fail

to decrypt if not 16*n byte long

As you see, I need some help.

Please tell me if I am mistaken.

Best regards

//////////////////////////////////////

au3 script used to crypt the message

//////////////////////////////////////

#NoTrayIcon

#Include "aes.au3"

#RequireAdmin

_AesInit()

FileWrite("encrypt.log", @CRLF)

$hex_skey = "0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

$skey = Binary($hex_skey)

FileWrite("encrypt.log", $hex_skey & @CRLF)

FileWrite("encrypt.log", $skey & @CRLF)

$IV = Binary("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF");

$Mode = "CBC"

$pass = "QueJAimeAFaireApprendreUnNombreUtileAuxSages"

;Using an Array

Dim $aPass[3]

$aPass[0]="QueJAimeAFaireApprendreUnNombreUtileAuxSages"

$aPass[1]="QueJAimeAFaireApprendreUnNombreUtileAuxSages "

$aPass[2]="AAAABBBBCCCCDDDDAAAABBBBCCCCDDDDAAAABBBBCCCCDDDD"

$pass = ""

FOR $pass IN $aPass

$crypt_pass = _AesEncrypt($skey, $pass, $Mode, $IV)

$hex_crypt_pass = Hex($crypt_pass)

FileWrite("encrypt.log", "longueur scrypt_pass: (binlg) " & BinaryLen($crypt_pass) & " (hexstrlg) " & StringLen($hex_crypt_pass) & @CRLF)

FileWrite("encrypt.log", $crypt_pass & @CRLF)

FileWrite("encrypt.log", $hex_crypt_pass & @CRLF)

NEXT

//////////////////////////////////////

// AUTOIT OUTPUT

//////////////////////////////////////

0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

longueur scrypt_pass: (binlg) 60 (hexstrlg) 120

0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF1DDCFEC808303F76ADD0FF75D5061BABB98918A8582A631EDAEFE9D464670180A2FDDABE62FAF0F82C092803

FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF1DDCFEC808303F76ADD0FF75D5061BABB98918A8582A631EDAEFE9D464670180A2FDDABE62FAF0F82C092803

longueur scrypt_pass: (binlg) 64 (hexstrlg) 128

0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF1DDCFEC808303F76ADD0FF75D5061BABA2FDDABE62FAF0F82C0928035F1CFA3415C6EF3F19B95E77BDEAD0AD1C0A3068

FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF1DDCFEC808303F76ADD0FF75D5061BABA2FDDABE62FAF0F82C0928035F1CFA3415C6EF3F19B95E77BDEAD0AD1C0A3068

longueur scrypt_pass: (binlg) 64 (hexstrlg) 128

0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0F34135D0EA720BA29B8E611B2206FECCD175D16C4DDE18FCF1D753FBB1640E9F752D0B976057DCDDC3C65AB81A19DFB

FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0F34135D0EA720BA29B8E611B2206FECCD175D16C4DDE18FCF1D753FBB1640E9F752D0B976057DCDDC3C65AB81A19DFB

//////////////////////////////////////

// JAVA SOURCE CODE (decrypt)

//////////////////////////////////////

public static void main(String[] args) {

try {

// Secret key 128 bits hexa-encoded

String secretKeyAsHex = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

String[] registryValueArray = new String[] { //

"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0F34135D0EA720BA29B8E611B2206FECCD175D16C4DDE18FCF1D753FBB1640E9F752D0B976057DCDDC3C65AB81A19DFB",

"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF1DDCFEC808303F76ADD0FF75D5061BABA2FDDABE62FAF0F82C0928035F1CFA3415C6EF3F19B95E77BDEAD0AD1C0A3068",

"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF1DDCFEC808303F76ADD0FF75D5061BABB98918A8582A631EDAEFE9D464670180A2FDDABE62FAF0F82C092803",

//

};

for (int i = 0; i < registryValueArray.length; i++) {

String registryValue = registryValueArray;

Charset cs = Charset.forName("iso-8859-1");

// decode secret key

char[] keyAsCharArray = secretKeyAsHex.toCharArray();

byte[] keyAsByteArray = Hex.decodeHex(keyAsCharArray);

SecretKeySpec skeySpec = new SecretKeySpec(keyAsByteArray,"AES");

// create cipher

// Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");

Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");

// split IV and crypted message

System.out.println("Longueur regValue (String):" + registryValue.length());

char[] regValueAsCharArray = registryValue.toCharArray();

System.out.println("Longueur regValue (Char):" + regValueAsCharArray.length);

byte[] regValueAsByteArray = Hex.decodeHex(regValueAsCharArray);

System.out.println("Longueur regValue (Byte):" + regValueAsByteArray.length);

byte[] pwd_iv = new byte[16];

System.arraycopy(regValueAsByteArray, 0, pwd_iv, 0, 16);

System.out.println("Longueur pwd_iv (Byte):" + pwd_iv.length);

byte[] pwd_crypted = new byte[regValueAsByteArray.length - 16];

System.arraycopy(regValueAsByteArray, 16, pwd_crypted, 0, pwd_crypted.length);

System.out.println("Longueur pwd_crypted (Byte):" + pwd_crypted.length);

// initialize cipher

IvParameterSpec ivSpec = new IvParameterSpec(pwd_iv);

cipher.init(Cipher.DECRYPT_MODE, skeySpec, ivSpec);

// decrypt

byte[] decrypted_pwd = cipher.doFinal(pwd_crypted);

// display

String pwd = new String(decrypted_pwd, cs);

System.out.println(pwd);

}

} catch (Throwable t) {

t.printStackTrace();

}

}

//////////////////////////////////////

// JAVA OUTPUT

//////////////////////////////////////

Longueur regValue (String):128

Longueur regValue (Char):128

Longueur regValue (Byte):64

Longueur pwd_iv (Byte):16

Longueur pwd_crypted (Byte):48

AAAABBBBCCCCDDDDAAAABBBBCCCCDDDDAAAABBBBCCCCDDDD

Longueur regValue (String):128

Longueur regValue (Char):128

Longueur regValue (Byte):64

Longueur pwd_iv (Byte):16

Longueur pwd_crypted (Byte):48

QueJAimeAFaireApprendreUnNombreUtileAuxSages

Longueur regValue (String):120

Longueur regValue (Char):120

Longueur regValue (Byte):60

Longueur pwd_iv (Byte):16

Longueur pwd_crypted (Byte):44

javax.crypto.IllegalBlockSizeException: Input length not multiple of 16 bytes

at com.sun.crypto.provider.SunJCE_f.a(DashoA13*..)

at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)

at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)

at com.sun.crypto.provider.AESCipher.engineDoFinal(DashoA13*..)

at javax.crypto.Cipher.doFinal(DashoA13*..)

at ...

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...