search

asmcrypto / asmcrypto.js

JavaScript Cryptographic Library with performance in mind.
MIT License
659 stars 182 forks source link

ECB decrypt function generates bad padding error #138

Closed ghost closed 6 years ago

ghost commented 6 years ago

I'm trying to use the ECB functions. I can encrypt a 16 byte data block without error (although see https://github.com/asmcrypto/asmcrypto.js/issues/137) but when I then try to decrypt it I get SecurityError("bad padding") from asmcrypto.all.js:1200:26)

I'm passing a 16 byte cipher text block which should not require further padding and so my padding arg is an empty array.

Looking at the code, asmcrypto.all.js:1200 rejects a padding arg which contains less than 1 byte, which seems incorrect to me.

               if ( pad < 1 || pad > 16 || pad > rlen )
                   throw new SecurityError("bad padding");

Here's my test code:

// ECB test
var asmcrypto = require('./asmcrypto.all');
var utils = require('./utils.js');

var hex_data    = "000000000012345677E4D611358EAF17";
var hex_key     = "8b84eedec100067d670971dd2aa700cf";
var hex_padding = "";

console.log("encrypt("+hex_data+","+hex_key+")");
var ecb_encrypted = asmcrypto.AES_ECB.encrypt( utils.hexToU8A(hex_data), utils.hexToU8A(hex_key), utils.hexToU8A(hex_padding));
console.log(asmcrypto.bytes_to_hex(ecb_encrypted));

console.log("------");

console.log("decrypt("+asmcrypto.bytes_to_hex(ecb_encrypted.slice(0,16))+","+hex_key+")");
var ecb_decrypted = asmcrypto.AES_ECB.decrypt(ecb_encrypted.slice(0,16) , utils.hexToU8A(hex_key), utils.hexToU8A(hex_padding));
console.log(asmcrypto.bytes_to_hex(ecb_decrypted));
alippai commented 6 years ago

This seems to be an error on multiple levels. Disabled the padding option, as AES-ECB shouldn't be used for arbitrary content: only randoms with the given size can be used securely. Version 0.18.0 should fix this issue.

ghost commented 6 years ago

From a very simple test this looks like it now works. All I've done is one simple test but encrypt then decrypt produced the expected result, only 16 octets were output by encrypt and I performed the same test with another library and got the same result.

// ECB test
var asmcrypto = require('./asmcrypto.all');

var hex_data    = "000000000012345677E4D611358EAF17";
var hex_key     = "8b84eedec100067d670971dd2aa700cf";
var hex_padding = "";

console.log("encrypt("+hex_data+","+hex_key+")");
var ecb_encrypted = asmcrypto.AES_ECB.encrypt( asmcrypto.hex_to_bytes(hex_data), asmcrypto.hex_to_bytes(hex_key), asmcrypto.hex_to_bytes(hex_padding));
console.log(asmcrypto.bytes_to_hex(ecb_encrypted));

console.log("------");

console.log("decrypt("+asmcrypto.bytes_to_hex(ecb_encrypted)+","+hex_key+")");
var ecb_decrypted = asmcrypto.AES_ECB.decrypt(ecb_encrypted , asmcrypto.hex_to_bytes(hex_key), asmcrypto.hex_to_bytes(hex_padding));
console.log(asmcrypto.bytes_to_hex(ecb_decrypted));
pi@raspberrypi:~/projects/asmcrypto.js $ node ecb_test.js
encrypt(000000000012345677E4D611358EAF17,8b84eedec100067d670971dd2aa700cf)
b2021754866e87226cf5b7f4232d216a
------
decrypt(b2021754866e87226cf5b7f4232d216a,8b84eedec100067d670971dd2aa700cf)
000000000012345677e4d611358eaf17

Thanks again!

alippai commented 6 years ago

Closing this in favor of #137