EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Rijndael

#34294
Posted: 08/24/2015 11:33:44
by Javier Karas (Standard support level)
Joined: 08/24/2015
Posts: 7

Hi, I'm trying to migrate all my code to use SecureBlackBox. I have code that uses a custom library to encode AES 128 CBC; it uses a 16-char IV and transfers data to a process made in Java.
Looking in the forum I found some pieces of code on how to encode/decode AES, but when I try to set the 16-char IV it says that the IV is invalid. Is there any prerequisite to set the IV?
#34295
Posted: 08/24/2015 11:35:36
by Eugene Mayevski (EldoS Corp.)

We have sample code for symmetric encryption both in {SecureBlackbox}\Samples\{Language}\PKIBlackbox directory and here in the forum. If you don't find one, you are welcome to post your code snippet here for us to check it.


Sincerely yours
Eugene Mayevski
#34296
Posted: 08/24/2015 11:52:05
by Ken Ivanov (EldoS Corp.)

Hi Javier,

Quote
but when I try to set the 16-char IV it says that the IV is invalid. Is there any prerequisite to set the IV?

The IV should be exactly 16 bytes. A common mistake is assigning a hexadecimal string (having a length of 32 hexadecimal characters) instead of a 16 byte array, which may end up in the problem you described.

Ken
#34312
Posted: 08/28/2015 15:34:01
by Javier Karas (Standard support level)
Joined: 08/24/2015
Posts: 7

I've modified the sample provided to encode AES 128 CBC, but the output is not as expected: my previous Delphi code and its Java counterpart (made with Bouncy Castle) produce the same result, which is different from the one produced with SecureBlackBox. Here is my code:

Code
function PasswordToKeyMaterial(const PassPhrase, InitVector: string): TElSymmetricKeyMaterial;
var
  PassBytes : ByteArray;
  Digest : ByteArray;
  IV : ByteArray;
  i: integer;
begin
  SetLength(IV, 16);
  for i := 0 to 15 do
    IV[i] := ord(InitVector[i]);
  SetLength(Digest, length(PassPhrase));
  for i := 0 to length(PassPhrase)-1 do
    Digest[i] := ord(PassPhrase[i]);

  Result := TElSymmetricKeyMaterial.Create;
  Result.Key := Digest;
  Result.IV := IV;
end;

function EncryptAES128CBC(Text, PassPhrase, InitVector: string): string;
var
  Crypto : TElSymmetricCrypto;
  KeyMaterial : TElSymmetricKeyMaterial;
  InBuf, OutBuf : ByteArray;
  OutSize : integer;
begin
  result := '';
  if length(passPhrase)<16 then
    raise exception.Create('PassPhrase has to be at least 16 chars length');
  if length(InitVector)<>16 then
    raise exception.Create('InitVector has to be 16 chars length');
  Crypto := TElSymmetricCrypto.Create(SB_ALGORITHM_CNT_AES128, cmCBC);
  try
    try
      Crypto.KeyMaterial := PasswordToKeyMaterial(PassPhrase, InitVector);

      InBuf := SBUtils.BytesOfString(Text);

      OutSize := 0;
      Crypto.Encrypt(@InBuf[0], Length(InBuf), nil, OutSize);
      SetLength(OutBuf, OutSize);
      Crypto.Encrypt(@InBuf[0], Length(InBuf), @OutBuf[0], OutSize);
      SetLength(OutBuf, OutSize);

      result := StringToHex(SBUtils.StringOfBytes(OutBuf));
    except
      on Ex : Exception do
        ShowMessage('Encryption error: ' + Ex.Message);
    end;
  finally
    FreeAndNil(Crypto);
  end;
end;


Which parameters should I check that could be causing different output with the same key/IV?
#34313
Posted: 08/28/2015 16:41:54
by Ken Ivanov (EldoS Corp.)

Hi Javier,

Thank you for the sample code.

While the encrypting code generally looks fine, the actual reason for the differences you are encountering is probably somewhere in the password-to-key conversion code (as there are a number of different incompatible ways to perform the conversion). Remember that you need to perform the conversion in exactly the same way on both the encrypting and decrypting sides.

The easiest way to ensure that everything is going right is to compare values assigned to the Key and IV properties of the TElSymmetricKeyMaterial to those assigned in the decrypting Java code, provided that the same password is used. If any of the values differs, there's a problem somewhere in the conversion code that needs to be located and fixed.

Ken
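The byte-level comparison suggested in the replies above (a 16-byte IV rather than a 32-character hex string, and identical Key/IV bytes on both sides) can be scripted. This is an added example, not part of the original thread and not SecureBlackbox code; the function names are hypothetical, and the hex dumps passed in are assumed to come from logging the key material on each side.

```python
import binascii

AES128_KEY_LEN = 16  # bytes in an AES-128 key
AES_BLOCK_LEN = 16   # bytes in a CBC IV (one AES block)

def candidate_conversions(text):
    """Map conversion name -> bytes for common ways a text key/IV becomes bytes."""
    out = {
        "ascii/utf-8": text.encode("utf-8"),
        "utf-16le": text.encode("utf-16-le"),
        "utf-16be": text.encode("utf-16-be"),
    }
    try:
        out["hex-decoded"] = binascii.unhexlify(text)
    except ValueError:  # binascii.Error is a subclass: not a valid hex string
        pass
    return out

def valid_lengths(text, required):
    """Names of the conversions that yield exactly `required` bytes."""
    return sorted(n for n, b in candidate_conversions(text).items()
                  if len(b) == required)

def identify_conversion(text, other_side_hex):
    """Conversions that reproduce the bytes the other side dumped as hex."""
    target = binascii.unhexlify(other_side_hex)
    return sorted(n for n, b in candidate_conversions(text).items()
                  if b == target)

def first_mismatch(a_hex, b_hex):
    """Index of the first differing byte between two hex dumps, else None."""
    a, b = binascii.unhexlify(a_hex), binascii.unhexlify(b_hex)
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))

if __name__ == "__main__":
    key_text, iv_text = "1234567890123456", "6543210987654321"  # values from the thread
    iv_as_hex_text = iv_text.encode("ascii").hex()  # constructed: same IV as 32 hex chars
    print("IV text usable as:", valid_lengths(iv_text, AES_BLOCK_LEN))
    print("hex-string IV usable as:", valid_lengths(iv_as_hex_text, AES_BLOCK_LEN))
    # Constructed dump standing in for what the Java side logged for its key.
    java_key_dump = key_text.encode("ascii").hex()
    print("Java key matches:", identify_conversion(key_text, java_key_dump))
    print("ASCII vs UTF-16LE key first differs at byte",
          first_mismatch(java_key_dump, key_text.encode("utf-16-le").hex()))
```
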
#34316
Posted: 08/29/2015 01:36:02
by Eugene Mayevski (EldoS Corp.)

Please try to decrypt the result back with both SecureBlackbox and Java code and see what outcome you get. If the data cannot be decrypted at all, then something is wrong with the way the key or IV is set. If the data is decrypted and you see just half of the text, then it's related to Unicode and the size of the buffer.


Sincerely yours
Eugene Mayevski
#34331
Posted: 08/31/2015 08:42:25
by Javier Karas (Standard support level)
Joined: 08/24/2015
Posts: 7

The output of all 3 procedures can be decoded by their respective counterparts; I'm quite lost here.
#34332
Posted: 08/31/2015 08:43:59
by Eugene Mayevski (EldoS Corp.)

Is the resulting output (after decoding) the same and correct?


Sincerely yours
Eugene Mayevski
#34335
Posted: 08/31/2015 12:05:33
by Javier Karas (Standard support level)
Joined: 08/24/2015
Posts: 7

Procedure: Previous Delphi code
Text to encode: Test1Test1Test1
Key: 1234567890123456
IV: 6543210987654321
Encoded output: CBBA0401420C042E125BF2ADEDFCFCAA (Same output as Java code)
Decode output: Test1Test1Test1

Procedure: Code with SBB
Text to encode: Test1Test1Test1
Key: 1234567890123456
IV: 6543210987654321
Encoded output: ACA1207CA064E65F5FDDC428CCA26B4F
Decode output: Test1Test1Test1
#34340
Posted: 08/31/2015 16:39:35
by Ken Ivanov (EldoS Corp.)

Hi Javier,

I've just tried to reproduce your scenario locally and found out that my code returns exactly the same result as your 'previous delphi code' does. My code is below:

Code
var
  Crypto : TElSymmetricCrypto;
  KM : TElSymmetricKeyMaterial;
const
  KeyStr : string = '1234567890123456';
  IVStr : string = '6543210987654321';
  InputText : string = 'Test1Test1Test1';
var
  InBuf, OutBuf: ByteArray;
  OutSize : integer;
begin
  Crypto := TElSymmetricCrypto.Create(SB_ALGORITHM_CNT_AES128, cmCBC);
  KM := TElSymmetricKeyMaterial.Create();
  try
    KM.Key := BytesOfString(KeyStr);
    KM.IV := BytesOfString(IVStr);

    InBuf := BytesOfString(InputText);

    Crypto.KeyMaterial := KM;
    OutSize := Length(InBuf) * 2;
    SetLength(OutBuf, OutSize);
    Crypto.Encrypt(@InBuf[0], Length(InBuf), @OutBuf[0], OutSize);
    SetLength(OutBuf, OutSize);

    Writeln(BinaryToString(@OutBuf[0], OutSize));
  finally
    FreeAndNil(KM);
    FreeAndNil(Crypto);
  end;
end;


Cheers,

Ken

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
