EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Algo AES128 - Invalid Key Material

#11286
Posted: 10/09/2009 04:11:20
by David MICHEL (Standard support level)
Joined: 09/23/2009
Posts: 48

Hello,

I must generate a 128-bit key and use AES128 to encrypt my data (padding pkcs#1 and ICV = 0).

My code:

Code

  ChiffrementAES := TElAESSymmetricCrypto.Create(SB_ALGORITHM_CNT_AES128,cmCBC);
  CleTransact    := TElSymmetricKeyMaterial.Create();
  try
    try

      CleTransact.Algorithm := SB_ALGORITHM_CNT_AES128;
      CleTransact.Generate(128);
      //CleTransact.GenerateIV(0); ?

      //Save Key
      fichCleTrans := 'D:\GestionEBICS\GestionEBICS\Temp\CleTransact.txt';
      fsCleTrans := TFileStream.Create(fichCleTrans,fmCreate);
      try
        CleTransact.Save(fsCleTrans);
      finally
        FreeAndNil(fsCleTrans);
      end;

      //AES128
      ChiffrementAES.Padding     := cpNone;
      ChiffrementAES.KeyMaterial := CleTransact;

      fichDataChif := 'D:\GestionEBICS\GestionEBICS\Temp\RemiseOrdre.chf';
      fsSource := TFileStream.Create(fichSource, fmOpenRead);
      try
        fsDest := TFileStream.Create(fichDataChif, fmCreate);
        try
          ChiffrementAES.Encrypt(fsSource, fsDest);
        finally
          FreeAndNil(fsDest);
        end;
      finally
        FreeAndNil(fsSource);
      end;

    except
      on E : Exception do
      MessageDlg(E.Message, mtError, [mbOk], 0);
    end;
  finally
    FreeAndNil(CleTransact);
    FreeAndNil(ChiffrementAES);
  end;


I have an error with the encryption:

Code
ChiffrementAES.Encrypt(fsSource, fsDest);


Sincerely yours,
David MICHEL.
#11287
Posted: 10/09/2009 04:20:47
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

CBC mode requires IV to be set. It should contain 16 bytes of data for AES.
#11288
Posted: 10/09/2009 04:36:25
by David MICHEL (Standard support level)
Joined: 09/23/2009
Posts: 48

But with 16 bytes initialized to zero.

Symmetrical encryption Information :
AES-128 (key length 128 bit) in CBC mode
ICV (Initial Chaining Value) = 0
Padding process in accordance with ANSI X9.23 / ISO 10126-2.


Sincerely yours,
David MICHEL.
#11289
Posted: 10/09/2009 04:45:14
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

In your case - yes, but every standard defines its own value of IV (random/zero/whatever else).
#11290
Posted: 10/09/2009 04:55:12
by David MICHEL (Standard support level)
Joined: 09/23/2009
Posts: 48

Ok.
In my case, do I have to do it like this?

Code
      //Random Key
      CleTransact.Algorithm := SB_ALGORITHM_CNT_AES128;
      CleTransact.Generate(128);

      SetLength(IV,16);        //?
      CleTransact.IV  := IV;


Error : Invalid Symmetric Cipher Padding.


Sincerely yours,
David MICHEL.
#11292
Posted: 10/09/2009 07:34:59
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

You should also FillChar(IV[0], 16, 0) to make sure that it is filled with zeroes.
And, since CBC cipher mode needs the input size to be a multiple of the block size (16 for AES), you should add padding. Since there is no specific constant for ANSI X9.23 / ISO 10126-2 padding in SBB, you need to add those bytes yourself. For example, if your data size is 5 bytes, you need to add 11 bytes to the tail, 10 of them random, and the last one with value 11 (padding size).
More information can be found at http://en.wikipedia.org/wiki/Padding_%28cryptography%29#Padding_methods
#11312
Posted: 10/12/2009 04:37:22
by David MICHEL (Standard support level)
Joined: 09/23/2009
Posts: 48

Is this method correct?

Code
      CleTransact.Algorithm := SB_ALGORITHM_CNT_AES128;
      CleTransact.Generate(128);

      CleTransact.GenerateIV(128);
      IV := CleTransact.IV;
      Fillchar(IV[15], 16, 11);


Sincerely yours,
David MICHEL.
#11313
Posted: 10/12/2009 04:48:51
by Eugene Mayevski (EldoS Corp.)

First of all, you should add padding to the data, not to IV.
Next, you misuse FillChar. Please re-read VCL documentation regarding what parameters it expects.


Sincerely yours
Eugene Mayevski
#11316
Posted: 10/12/2009 07:27:07
by David MICHEL (Standard support level)
Joined: 09/23/2009
Posts: 48

If I understand correctly,

- I must first pad my data by adding bytes so that its length is divisible by 16, with 11 as the last value, before encrypting the data.

- Then initialize the IV parameter to 0.

- And finally, encrypt the data.


Sincerely yours,
David MICHEL.
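
The manual padding described in reply #11292 and the all-zero IV from the steps above, as an added example that is not part of the original thread and not EldoS code. It uses only the Delphi RTL (no SecureBlackbox calls); the names `PadIso10126` and `UnpadIso10126` are hypothetical, and the padded buffer is what would be handed to the cipher with `Padding := cpNone`.

```delphi
program Iso10126Demo;
{$APPTYPE CONSOLE}
uses SysUtils;

const
  BLOCK_SIZE = 16; // AES block size in bytes

// Append ANSI X9.23 / ISO 10126-2 padding: filler bytes, then one byte
// holding the padding length (1..16). A full block is added when the
// input is already aligned, so the padding can always be removed.
function PadIso10126(const Data: TBytes): TBytes;
var
  PadLen, I: Integer;
begin
  PadLen := BLOCK_SIZE - (Length(Data) mod BLOCK_SIZE);
  Result := Copy(Data, 0, Length(Data));
  SetLength(Result, Length(Data) + PadLen);
  // Filler only. Random() is not a cryptographic generator (assumption:
  // acceptable here because the filler bytes carry no secret).
  for I := Length(Data) to High(Result) - 1 do
    Result[I] := Byte(Random(256));
  Result[High(Result)] := Byte(PadLen);
end;

// Remove the padding after decryption, rejecting impossible lengths.
function UnpadIso10126(const Data: TBytes): TBytes;
var
  PadLen: Integer;
begin
  if (Length(Data) = 0) or (Length(Data) mod BLOCK_SIZE <> 0) then
    raise Exception.Create('Padded data must be a multiple of 16 bytes');
  PadLen := Data[High(Data)];
  if (PadLen < 1) or (PadLen > BLOCK_SIZE) then
    raise Exception.Create('Invalid padding length byte');
  Result := Copy(Data, 0, Length(Data) - PadLen);
end;

var
  IV, Padded: TBytes;
begin
  Randomize;
  SetLength(IV, BLOCK_SIZE);
  FillChar(IV[0], Length(IV), 0); // FillChar(var X; Count; Value)
  Padded := PadIso10126(TBytes.Create(1, 2, 3, 4, 5)); // constructed 5-byte input
  Writeln(Length(Padded), ' bytes, last byte = ', Padded[High(Padded)]);
  Writeln(Length(UnpadIso10126(Padded)), ' bytes after unpadding');
end.
```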
#11328
Posted: 10/13/2009 03:51:46
by David MICHEL (Standard support level)
Joined: 09/23/2009
Posts: 48

I must generate a key of 128 bits (16 bytes).

However, after calling the methods Generate(128) and Save(key),
I find myself with a key of 70 bytes?

Code
  ChiffrementAES := TElAESSymmetricCrypto.Create(SB_ALGORITHM_CNT_AES128,cmCBC);
  CleTransact    := TElSymmetricKeyMaterial.Create();
  try
    try
      
      //Generate Key
      CleTransact.Algorithm := SB_ALGORITHM_CNT_AES128;
      CleTransact.Generate(128);  //128 bits = 16 bytes

      ....

      //Save Key
      fichCleTrans := 'D:\GestionEBICS\GestionEBICS\Temp\CleTransact.txt';
      fsCleTrans := TFileStream.Create(fichCleTrans,fmCreate);
      try
        CleTransact.Save(fsCleTrans);
      finally
        FreeAndNil(fsCleTrans);
      end;

      ......


Sincerely yours,
David MICHEL.