AES encrypt and decrypt

[gogolxdong]

decrypt from encrypted message doesn't restore.

import nimcrypto/rijndael
import nimcrypto/bcmode
import base64, strutils
var cbc : CBC[aes128]
var key:string = "1234123412ABCDEF"
var iv: string = "ABCDEF1234123412"
var message: cstring="hello"
var decrypted:cstring = cast[cstring](alloc0(100))
var encrypted:cstring = cast[cstring](alloc0(100))
cbc.init(key.toOpenArrayByte(0, key.len-1), iv.toOpenArrayByte(0, iv.len-1))

cbc.encrypt(cast[ptr byte]( message), cast[ptr byte]( encrypted), 100)
echo encrypted
echo cbc.decrypt(cast[ptr byte](encrypted), cast[ptr byte]( decrypted), 100)
echo decrypted
dealloc decrypted
dealloc encrypted

[cheatfate]

@gogolxdong you can't reuse one CBC[aes128] context for encryption and decryption at the same time, because this context is changing all the time you call encrypt and decrypt. So for decryption you need to initialize context one more time.

import nimcrypto/rijndael
import nimcrypto/bcmode
import base64, strutils
var cbc : CBC[aes128]
var key:string = "1234123412ABCDEF"
var iv: string = "ABCDEF1234123412"
var message: cstring="hello"
var decrypted:cstring = cast[cstring](alloc0(100))
var encrypted:cstring = cast[cstring](alloc0(100))
cbc.init(key.toOpenArrayByte(0, key.len-1), iv.toOpenArrayByte(0, iv.len-1))
cbc.encrypt(cast[ptr byte]( message), cast[ptr byte]( encrypted), 100)
echo encrypted
## Initialization of context one more time
cbc.init(key.toOpenArrayByte(0, key.len-1), iv.toOpenArrayByte(0, iv.len-1))
echo cbc.decrypt(cast[ptr byte](encrypted), cast[ptr byte]( decrypted), 100)
echo decrypted
dealloc decrypted
dealloc encrypted
## Do not forget to clear `CBC[aes128]` context
cbc.clear()

[gogolxdong]

import nimcrypto/rijndael
import nimcrypto/bcmode
import base64, strutils
var cbc : CBC[aes128]
var key:string = "1234123412ABCDEF"
var iv: string = "ABCDEF1234123412"
var message: cstring="106593A41D2C0E8453AC2043D3E1860FA30984A594063B002349FBF72B602727"
var decrypted:cstring = cast[cstring](alloc0(100))

cbc.init(key.toOpenArrayByte(0, key.len-1), iv.toOpenArrayByte(0, iv.len-1))
echo cbc.decrypt(cast[ptr byte](message), cast[ptr byte]( decrypted), 100)
echo decrypted
dealloc decrypted
cbc.clear()

cannot restore the encrypted message from js , using CBC and PkcsPadding7

[cheatfate]

@gogolxdong could you please show original message you are trying to decrypt in hexadecimal format.
Because here i can only see that you are trying to decrypt/encrypt strings not actual binary data. Also you need to implement PKCS#7 padding by yourself.

[gogolxdong]

message is [email protected]. Isn't the message in hexadecimal format? I though it was.
But I am not familiar with cryptography , does this mean it cannot be decrypted if using PKCS#7?

[cheatfate]

@gogolxdong your key and iv must be at least 16 bytes (octets) long.
Your message length must be aligned to 16 bytes too.

[gogolxdong]

what does message aligned to 16 bytes mean? Will you show me?

[cheatfate]

AES encoding processing data via blocks of 128 bits (16 bytes). So you can't actually encode/decode safely 1 byte sequence or 15 bytes sequence, you need to have at least 16 bytes sequence. Its why PKCS#7 padding is used to pad data to 16 bytes. So len(message) mod 16 must be 0.

[gogolxdong]

what's the padding mode nimcrypto using?

[cheatfate]

@gogolxdong there no padding schemes in nimcrypto yet, currently its just a library of primitives and operations. So you need to pad it by yourself.

[gogolxdong]

Got it , but I'm afraid I'm not competent enough to write such a padding implementation. You should make some notes or write example codes to remind user these gotchas.

[vieruuuu]

@gogolxdong any luck with those padding examples ?