beyondzzk / as3crypto

Automatically exported from code.google.com/p/as3crypto
0 stars 0 forks source link

AESKey.decrypt only decrypts the first 16 bytes of a message correctly, and put the rest of the encrtyped message on the end. #48

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Used a simple java program to AES encrpt a message with simple key:

public static void main(String[] args) throws Exception {
    String message = "this is a longer message of 32by";
    String strKeyHex="faf579668b4bb03be0732eb0a42a7ebe";
    byte[] raw = hexToBytes(strKeyHex);
    KeyGenerator kgen = KeyGenerator.getInstance("AES");
    kgen.init(128); // Dont know what this should be.
    SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
    Cipher cipher = Cipher.getInstance("AES");
    System.out.println("key=" + asHex(raw));
    cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
    byte[] encrypted = cipher.doFinal(message.getBytes());
    System.out.println("encrypted string: " + asHex(encrypted));
    }

This results in the follwing:
key=faf579668b4bb03be0732eb0a42a7ebe 
encrypted string: 
0877a0ef7eb43b4dae5734cea8eca4e888372368c0c9337765fe2246eb058505245f2e267813374f
959e2a7757bf8d66

Using as3crypto to decrypt:

public function TestDecryption() {
    var key:ByteArray;
    var message:ByteArray;
    var AES:AESKey;

    key = Hex.toArray("faf579668b4bb03be0732eb0a42a7ebe");
    AES = new AESKey(key);
    message = Hex.toArray("0877a0ef7eb43b4dae5734cea8eca4e888372368c0c9337765fe2246eb058505245f2e267813374f959e2a7757bf8d66");

    trace("encrtyped messsage len=" + message.length);      
    trace("raw encrpted message =0877a0ef7eb43b4dae5734cea8eca4e888372368c0c9337765fe2246eb058505245f2e267813374f959e2a7757bf8d66");

    AES.decrypt(message);

    trace("raw decrypted message=" + Hex.fromArray(message, false));
    trace("original unenc messag=746869732069732061206c6f6e676572206d657373616765206f6620333233322");
    trace("decrypted message len=" + message.length);
    trace("decrypted message=" + Hex.toString(Hex.fromArray(message, false)));
    }

Got this:

encrtyped messsage len=48
raw encrpted message 
=0877a0ef7eb43b4dae5734cea8eca4e888372368c0c9337765fe2246eb058505245f2e267813374
f959e2a7757bf8d66
raw decrypted 
message=746869732069732061206c6f6e67657288372368c0c9337765fe2246eb058505245f2e26
7813374f959e2a7757bf8d66
original unenc 
messag=746869732069732061206c6f6e676572206d657373616765206f6620333233322
decrypted message len=48
decrypted message=this is a longerˆ7#hÀÉ3weþ"Fë…$_.&x7O•ž*wW¿f

As you can see, the first 16 bytes of the message have been correctly 
decrypted, but the rest of the decrypted message is the raw unencrypted 
message. 

What version of the product are you using? On what operating system?

Downloaded from google last week, dont know how to get the version.
Runing on latest update of XP (32bit)

Please provide any additional information below.

I cant find any documenation in the source, wiki or google on how to use this 
library, and Im guessing Im either using it wrong (I should be calling 
something high level), there is a bug, or as3crypto cannot be used to decrypt 
AES messages longer than 16 bytes (which I would constitue a bug).
Any ideas?

Original issue reported on code.google.com by hob...@gmail.com on 24 Oct 2010 at 10:07

GoogleCodeExporter commented 9 years ago
I found out the exactly same thing today. Just the first block is correctly 
decrypted.

Original comment by ingo.he...@gmail.com on 9 Nov 2010 at 9:53

GoogleCodeExporter commented 9 years ago
It seems you need to do a loop, such as below. Note, if the incomming data is 
not packed to exactly 16 bytes, you are in trouble.  

var blocks:uint = message.length / 16;
if (blocks == 0) blocks = 1; 
for (var block:uint=0; block < blocks; block++) {
    AES.decrypt(message, block*16);
}

Original comment by hob...@gmail.com on 9 Dec 2010 at 7:54

GoogleCodeExporter commented 9 years ago
The solution is to use the Crypto class, which sits above the AES class.  See 
issue 51 for a working example.

Original comment by hob...@gmail.com on 10 Dec 2010 at 11:58