efe4pj Posted August 28, 2009 Share Posted August 28, 2009 Hi I tried to use the AES.au3 UDF library and encountered several problems. My context is quite specific: Our system team use autoit to write registry key containing dbuser and password in AES-encrypted value in HEXAdecimal form. My Java application has then to read that value and extract the user/password couple. I read AES algorythms and operation modes specifications fips-197.pdf at http://csrc.nist.gov/publications/PubsFIPS.html sp800-38a.pdf http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html Java Cryptography implementation is far less permissive than autoit AES lib, in the following way: - key size must be exacty 16, 24, or 32 byte long, as required by AES: no guessing as found in "_AesPrepareKey" - encrypted message length must be a multiple of 16 bytes (AES block size) If I use a message in autoit that is not 16*N byte long, I get an Cipher Exception when decoding using Java: "javax.crypto.IllegalBlockSizeException: Input length not multiple of 16 bytes" To have it work I needed to padright() the input data with SPACEs. Documentation on autoit AES is sparse. Being quite new to crypto, and autoit also, I had to dig my way threw the "AES.au3" source to find the location of the "I.V." in the encrypted result. Also, I found out your CBC implementation is "AES/CBC/NoPadding" (I only tested CBC, so I cannot tell for other operation mode). Does your implementation support "AES/CBC/PKCS5Padding" ? Two thing that I still do not understand: - In _AESEncrypt(): "If BinaryLen($Data) < 16 Then Return $IV & $Ret" Could you direct me to the specification section requiring this. - Whatever the length of the input data, it seems to me that the encrypted result should be 16*n byte long. I notice output is same length than input, and I fail to decrypt if not 16*n byte long As you see, I need some help. Please tell me if I am mistaken. Best regards ////////////////////////////////////// au3 script used to crypt the message ////////////////////////////////////// #NoTrayIcon #Include "aes.au3" #RequireAdmin _AesInit() FileWrite("encrypt.log", @CRLF) $hex_skey = "0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" $skey = Binary($hex_skey) FileWrite("encrypt.log", $hex_skey & @CRLF) FileWrite("encrypt.log", $skey & @CRLF) $IV = Binary("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"); $Mode = "CBC" $pass = "QueJAimeAFaireApprendreUnNombreUtileAuxSages" ;Using an Array Dim $aPass[3] $aPass[0]="QueJAimeAFaireApprendreUnNombreUtileAuxSages" $aPass[1]="QueJAimeAFaireApprendreUnNombreUtileAuxSages " $aPass[2]="AAAABBBBCCCCDDDDAAAABBBBCCCCDDDDAAAABBBBCCCCDDDD" $pass = "" FOR $pass IN $aPass $crypt_pass = _AesEncrypt($skey, $pass, $Mode, $IV) $hex_crypt_pass = Hex($crypt_pass) FileWrite("encrypt.log", "longueur scrypt_pass: (binlg) " & BinaryLen($crypt_pass) & " (hexstrlg) " & StringLen($hex_crypt_pass) & @CRLF) FileWrite("encrypt.log", $crypt_pass & @CRLF) FileWrite("encrypt.log", $hex_crypt_pass & @CRLF) NEXT ////////////////////////////////////// // AUTOIT OUTPUT ////////////////////////////////////// 0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA longueur scrypt_pass: (binlg) 60 (hexstrlg) 120 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF1DDCFEC808303F76ADD0FF75D5061BABB98918A8582A631EDAEFE9D464670180A2FDDABE62FAF0F82C092803 FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF1DDCFEC808303F76ADD0FF75D5061BABB98918A8582A631EDAEFE9D464670180A2FDDABE62FAF0F82C092803 longueur scrypt_pass: (binlg) 64 (hexstrlg) 128 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF1DDCFEC808303F76ADD0FF75D5061BABA2FDDABE62FAF0F82C0928035F1CFA3415C6EF3F19B95E77BDEAD0AD1C0A3068 FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF1DDCFEC808303F76ADD0FF75D5061BABA2FDDABE62FAF0F82C0928035F1CFA3415C6EF3F19B95E77BDEAD0AD1C0A3068 longueur scrypt_pass: (binlg) 64 (hexstrlg) 128 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0F34135D0EA720BA29B8E611B2206FECCD175D16C4DDE18FCF1D753FBB1640E9F752D0B976057DCDDC3C65AB81A19DFB FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0F34135D0EA720BA29B8E611B2206FECCD175D16C4DDE18FCF1D753FBB1640E9F752D0B976057DCDDC3C65AB81A19DFB ////////////////////////////////////// // JAVA SOURCE CODE (decrypt) ////////////////////////////////////// public static void main(String[] args) { try { // Secret key 128 bits hexa-encoded String secretKeyAsHex = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; String[] registryValueArray = new String[] { // "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0F34135D0EA720BA29B8E611B2206FECCD175D16C4DDE18FCF1D753FBB1640E9F752D0B976057DCDDC3C65AB81A19DFB", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF1DDCFEC808303F76ADD0FF75D5061BABA2FDDABE62FAF0F82C0928035F1CFA3415C6EF3F19B95E77BDEAD0AD1C0A3068", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF1DDCFEC808303F76ADD0FF75D5061BABB98918A8582A631EDAEFE9D464670180A2FDDABE62FAF0F82C092803", // }; for (int i = 0; i < registryValueArray.length; i++) { String registryValue = registryValueArray; Charset cs = Charset.forName("iso-8859-1"); // decode secret key char[] keyAsCharArray = secretKeyAsHex.toCharArray(); byte[] keyAsByteArray = Hex.decodeHex(keyAsCharArray); SecretKeySpec skeySpec = new SecretKeySpec(keyAsByteArray,"AES"); // create cipher // Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING"); Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding"); // split IV and crypted message System.out.println("Longueur regValue (String):" + registryValue.length()); char[] regValueAsCharArray = registryValue.toCharArray(); System.out.println("Longueur regValue (Char):" + regValueAsCharArray.length); byte[] regValueAsByteArray = Hex.decodeHex(regValueAsCharArray); System.out.println("Longueur regValue (Byte):" + regValueAsByteArray.length); byte[] pwd_iv = new byte[16]; System.arraycopy(regValueAsByteArray, 0, pwd_iv, 0, 16); System.out.println("Longueur pwd_iv (Byte):" + pwd_iv.length); byte[] pwd_crypted = new byte[regValueAsByteArray.length - 16]; System.arraycopy(regValueAsByteArray, 16, pwd_crypted, 0, pwd_crypted.length); System.out.println("Longueur pwd_crypted (Byte):" + pwd_crypted.length); // initialize cipher IvParameterSpec ivSpec = new IvParameterSpec(pwd_iv); cipher.init(Cipher.DECRYPT_MODE, skeySpec, ivSpec); // decrypt byte[] decrypted_pwd = cipher.doFinal(pwd_crypted); // display String pwd = new String(decrypted_pwd, cs); System.out.println(pwd); } } catch (Throwable t) { t.printStackTrace(); } } ////////////////////////////////////// // JAVA OUTPUT ////////////////////////////////////// Longueur regValue (String):128 Longueur regValue (Char):128 Longueur regValue (Byte):64 Longueur pwd_iv (Byte):16 Longueur pwd_crypted (Byte):48 AAAABBBBCCCCDDDDAAAABBBBCCCCDDDDAAAABBBBCCCCDDDD Longueur regValue (String):128 Longueur regValue (Char):128 Longueur regValue (Byte):64 Longueur pwd_iv (Byte):16 Longueur pwd_crypted (Byte):48 QueJAimeAFaireApprendreUnNombreUtileAuxSages Longueur regValue (String):120 Longueur regValue (Char):120 Longueur regValue (Byte):60 Longueur pwd_iv (Byte):16 Longueur pwd_crypted (Byte):44 javax.crypto.IllegalBlockSizeException: Input length not multiple of 16 bytes at com.sun.crypto.provider.SunJCE_f.a(DashoA13*..) at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..) at com.sun.crypto.provider.AESCipher.engineDoFinal(DashoA13*..) at javax.crypto.Cipher.doFinal(DashoA13*..) at ... Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now