search

Jens-G / haxe-crypto

Hurlant crypto library ported to haxe: tls, md2, md5, sha1, sha224, sha256, xtea, hex, base64, hmac, tlsprf, blowfish, des, tripledes, aes, cfb8, cfb, ctr, ofb, ecb, bigint, big integers, rsa, pem, rot13, uuid, utf8, utf16
http://lib.haxe.org/p/haxe-crypto/
Other
54 stars 16 forks source link

AES only working with small strings (Invalid padding value) #14

Open besserwisser opened 6 years ago

besserwisser commented 6 years ago

Hello,

I am trying to use the AES encryption. Sadly I can only get very small strings encrypted. For example "life is easy" works fine. But "life is the nicest of nicest" throws an error:

"Error: PKCS#5:unpad: Invalid padding value. expected [170], found [0]"

This is my current code snippet:

    var keyString = "sdphuif3479fhweafgh89epfg89e4ghuhw";
    var key = Crypto.getCharset("utf-8").encode(keyString);
    var cipher:ICipher = Crypto.getCipher("simple-aes256", key);
    log( "Key: " + keyString);

    var testString = "life is the nicest of nicest";
    // var testString = "life is nice";
    var data = Crypto.getCharset("utf-8").encode(testString);
    cipher.encrypt(data);
    log("original string: " + testString);

    var stringEncrypted = Base64.encode(data);
    log("Encrypted: " + stringEncrypted);

    var byteArray = Base64.decode(stringEncrypted);
    cipher.decrypt(byteArray);
    var stringDecrypted = Crypto.getCharset("utf-8").decode(byteArray);
    log("Decrypted: " + stringDecrypted);

The error message occurs on all targets (e.g. android and html5).

BTW: What also confused me is that even the short string, which worked fine, can't be decrypted using this tool: http://aesencryption.net/

soywiz commented 6 years ago

I'm not maintaining myself this project anymore. But if you are interested and make a PR fixing this, I'll happily merge it and will release a new version

Regards

ShurikMur commented 4 years ago

(Will post it here. Seems the issues are closely related) There is a function to expand AES key, but looks like it is never used. Every block of data (of 16 bytes) ends up encrypted with the same basic key, which is not how AES should work (well, i may be wrong at this point. Should the key be expanded outside rounds?). The function for key expansion is declared as private and only called once from a constructor.| The results obtained using direct use of AESKey class. Does not crashes that way, but without expanding the key every block of data is encrypted incorrectly. It is possible AES implementation was never done properly. If someone uses this in an actual project - look out, this may present a vulnerability to the data.