Mike Cook wrote:
> Michael Graff wrote:
>> Don't worry, you know what an IV is and why using 0 is bad, so I won't
>> 'yell' at you :)
>>
>> You are probably running into padding issues. Since AES is a block
>> cypher, each block must be exactly the correct length I suspect.
>>
>> How are you calling the decrypt code? You're just feeding data into
>> the encryption system and after you are all done with the data,
>> calling final? That should work, but I do not have any way to write
>> code in Flash to test this. If you could have Flash encrypt
>> something, perhaps 101 bytes or so long (odd to ensure padding
>> occurs), and send the plaintext, the key, and the encrypted string
>> (uuencode, hex dump, whatever) I can experiment.
>>
>> --Michael
>
> Hi,
>
> Thanks... Definitely appears to be padding issues. We are using Bouncy
> Castle CTS AES encrypt. The openSSL appears to be using CBC. I'm no
> expert... In looking at the RFC, it appears there is a difference
> between how CBC and CBC/CTS handles padding. There is a reference in
> the rfc to swapping within the last partial block as part of the
> process... not sure how/whether this is implemented.
>
> Below is the output from my irb session. The clear text is supposed to
> be:
> AAAAAAAABBBBBBBBAAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDCCCCCCCCDDDDDDDDAAAAAAAABBBBBBBBAAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDCCCCCCCCDDDDDDDDXXXYYY
>
> key: 4b1114cc73fed8b5428c3dee60d7773a
>
>
> Please notice that the first part of the message is decrypted
> correctly.... the partial at the end is not.
>
>
>
>
> irb(main):821:0> a= OpenSSL::Cipher::Cipher.new('aes-256-cbc')
> => #<OpenSSL::Cipher::Cipher:0xb79b9378>
>
> irb(main):822:0> a.key=d
> => "4b1114cc73fed8b5428c3dee60d7773a"
>
> irb(main):823:0>
> a.iv='00000000000000000000000000000000'.unpack('a2'*32).map{|x|
> x.hex}.pack('c'*32)=>
> "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000"
>
> irb(main):824:0>
> data='TmI9HrNrsMBxSfwApvSaQrLIDsLboNhIW/FawPjNUB0x/G0ZDf+gfk4JaTc/tGxDg1s4mrIRFOoBJemK+txUF0+aPw8bxIgzxmB3gq18aJRoSo5PWqbzS8FCCHrb3leKf4UUNFaIAaVVY1a5ymZ/HMPhwAKbii8x9Uk/S0MxaDofHTluc1E='.unpack('m')[0]
> =>
> "Nb=\036\263k\260\300qI\374\000\246\364\232B\262\310\016\302\333\240\330H[\361Z\300\370\315P\0351\374m\031\r\377\240~N\ti7?\264lC\203[8\232\262\021\024\352\001%\351\212\372\334T\027O\232?\017\e\304\2103\306`w\202\255|h\224hJ\216OZ\246\363K\301B\bz\333\336W\212\177\205\0244V\210\001\245UcV\271\312f\177\034\303\341\300\002\233\212/1\365I?KC1h:\037\0359nsQ"
>
> irb(main):825:0> s=a.update(data)
> =>
> "AAAAAAAABBBBBBBBAAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDCCCCCCCCDDDDDDDDAAAAAAAABBBBBBBBAAAAAAAABBBBBBBBCCCCCCCCDDDDDDDD8\300u\003|\200\243jf\bkf\005\251\327\242"
>
> irb(main):826:0> s<<a.final
> OpenSSL::Cipher::CipherError: wrong final block length
> from (irb):826:in `final'
> from (irb):826
> from :0
> irb(main):827:0>
As a follow on, I was just reading an interesting article on Wikipedia.
Here's a snippet from it:
CBC ciphertext stealing decryption using a standard CBC interface
1. Dn = Decrypt (K, Cn−1). Decrypt the second to the last ciphertext
block.
2. Cn = Cn || Tail (Dn, B−M). Pad the ciphertext to the nearest
multiple of the block size using the last B−M bits of block cipher
decryption of the second-to-last ciphertext block.
3. Swap the last two ciphertext blocks.
4. Decrypt the ciphertext using the standard CBC mode.
5. Truncate the plaintext to the length of the original ciphertext.
Looks like the above is the mechanism to translate the last couple of
blocks of ciphertext to a form understandable by the CBC interface.
I think I understand points 1, 3, 4, and 5. I'm having a tougher time
with number 2, but I get the basic idea.
Let's say the the message is 134 bytes long. Then, I'd do 134 % 16 and
I get 6. If my block size is 128 bits (16 bytes*8 bits), then I'd
subtract 48 bits (6 bytes * 8 bits). That means 80 bits would be used
as a repeated pattern to pad the end of the message to make it evenly
divisible by 16. So, I'd add in one iteration (10 bytes) in this case,
to bring the message to 144 bytes (evenly divisible by the block size -
16).
Anyway, that's what I'm going to try. Please wish me luck ;-)
Mike
--
Posted via http://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
