search

ThealeMW / slowaes

Slowaes
0 stars 0 forks source link

bug in CBC implementation of AES OpenSSL-256 encryption #19

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1. run code in "2." (i am running a gs script in google spreadsheets)
2.
function aesTester() {
  var password = "mypw";
  // generate the private key based on user's input password
  var privateKey = cryptoHelpers.generatePrivateKey(password, 128);

  var myplaintext = "hello plain text";
  // using OPENSSL_256 key size but could use
  var keysize = slowAES.aes.keySize.SIZE_256;
  var mode = slowAES.modeOfOperation.CBC;
  var key = cryptoHelpers.toNumbers("5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8");
  // initialization vector, make this unique and RANDOM!!
  var iv = cryptoHelpers.toNumbers("6bbda7892ad344e06c31e64564a69a9a");
  var plaintext = cryptoHelpers.convertStringToByteArray(myplaintext);
  // keysize is no longer a parameter because it auto finds size
  var encrypted = slowAES.encrypt(plaintext, mode, privateKey, iv);
  var base64 = cryptoHelpers.base64.encode(encrypted);
  // this is the plain text
  Logger.log(myplaintext);
  // this is the encrypted text
  Logger.log(base64);
  // decryption in reverse order of encryption
  var decodedText = cryptoHelpers.base64.decode(base64);
  // keysize is no longer a parameter because it auto finds size
  var decrypted = slowAES.decrypt(decodedText, mode, privateKey, iv);
  var decryptedText = cryptoHelpers.convertByteArrayToString(decrypted);
  // this is the decrypted text
  Logger.log(decryptedText );
}

What is the expected output? What do you see instead?
expected output is the input but you will see an extra character at the end. I 
have tracked the bug down to the "unpadBytesOut" function. it does not remove 
the "=" from the string. should the unpadding be done AFTER the 
decryption??!!?? or should it be removed before. (removing a decrypted "=" 
sounds difficult.)

What version of the product are you using? On what operating system?
not sure, i just copied the code today. running on windows 7. google chrome. 
google docs as a .gs (google script). js code runs as-is.

Please provide any additional information below.
i can try to figure out the fix, but hopefully someone beats me to it.

Original issue reported on code.google.com by samuelel...@gmail.com on 10 Dec 2013 at 7:33