meychi / ascrypt Goto Github PK

var out:String = Base64.encode(bytes);
in output missing one character on end of string "....vVfeey2z=" ,
correct Base64 encoding return one more char "....vVfeey2zo="

1- Turn all function to inline ( greatly increase security).
2- Turn all .concat([]) to Array.copy(). It greatly increases perfs on various targets.

If you are ok with those and have no time, i can do the fix myself.

Thanks for your perfect work anyway !

Hi,

Thanks for the lib which is very interesting !

It would be very cool to provide unittests with the haxe lib. We are detecting issues but it is impossible to quickly know where the error comes from without reference code.

Thanks a lot :)

str2long processes each 4 bytes into a 32 bit integer without checking for any possible remainder. This causes strings with, let's say for example, 142 chars to be processed only up to the 140th char.

A quick workaround to this problem is appending nullbytes as padding. Things like this are handled in a javascript implementation of the same encryption technique.

https://html-encrypter.googlecode.com/svn/trunk/hea5.js
(The only difference, is that this implementation base64's the final result, apart from that, it is much similar to yours)

So I'd suggest the following changes

    /**
     * Converts string to long array.
     */
    private static function str2long($s)
    {
        // Fill last 4-char block
        $i = strlen($s);
        $r = $i % 4;
        if($r != 0) $s = str_pad($s, $i + 4 - $r, "\0");

        // Convert and return
        return array_values(unpack('V*', $s));
    }

    /**
     * Converts long array to string.
     */
    private static function long2str($v)
    {
        // Convert
        $s = '';
        for ($i = 0; $i < count($v); $i++)
        {
            $s .= pack('V', $v[$i]);
        }

        // Strip trailing null chars resulting from filling last 4-char block and return
        return rtrim($s, "\0");
    }

Regards,
NewEraCracker

Hello,

As rails uses ruby, I tried to use https://github.com/nateware/fast-aes which uses AES (ECB mode)

So, I tried it with AES-128, what I do is encrypt using your library and try to decrypt using fast-aes, unfortunately I couldn't have the same results..

if input is "0123456789012345" , after deencrypt at fast-aes, I get:
0123456789012345���xo�]�[����SYi

Here is my implementation in haxe:

var input:String = "0123456789012345";
var utf8Bytes:Array<Int> = UTF8.textToBytes(input);

var aes128key:Array<Int> = UTF8.textToBytes("1234567890123456");
var aes128enc:Array<Int> = AES.encrypt(aes128key, PKCS7.pad(utf8Bytes, 16)); // Encrypt in ECB. Needs padding.
var aes128dec:Array<Int> = PKCS7.unpad(AES.decrypt(aes128key, aes128enc)); // Decrypt in ECB. Needs unpadding.

I copy the result of Base64.encode(aes128enc) and paste into ruby:

aesHx = FastAES.new("1234567890123456")
aesHx.decrypt(Base64.decode64("e0v8id0XABVEgrx+toa7DgUBh6DN5amHLLqwkatz5V="))

I am using the same key on client and server, can you please advice?

used that to gen keys :

openssl enc -aes-128-cbc -k secret -P -md sha1

The following code does not crypt/decrypt correctlyin cbc but in ctr it works perfectly.

public static function tryCBC()
{
var data = "ernlkg aerlblaeRBEQBERBREJBEFBNBR345TY5";
var padded = org.ascrypt.padding.ZEROS.pad( org.ascrypt.encoding.UTF8.textToBytes(data), 128);

    var key = org.ascrypt.encoding.UTF8.textToBytes("32C60C1485850AAA08C0F3AF96AA25CC");
    var iv = org.ascrypt.encoding.UTF8.textToBytes("C2CB1796EE7BA6D67B3E7A5701F84A29");

    var cr = org.ascrypt.AES.encrypt( key, padded, "cbc", iv);
    var dcr = org.ascrypt.AES.decrypt( key, cr, "cbc", iv);


    var ndata = org.ascrypt.encoding.UTF8.bytesToText( org.ascrypt.padding.ZEROS.unpad(dcr) );
    trace("matches :"+ (data == ndata));
    trace(data);
    trace(ndata);
}

Have i missed something ?

Thanks a lot

Is it possible to create port for node.js?

The AS2 examples keep throwing this error. You can replicate it by running the following code:

import org.ascrypt.*;
import org.ascrypt.common.*;
import org.ascrypt.padding.*;
import org.ascrypt.encoding.*;
import org.ascrypt.utilities.*;

var aes256iv:Array = UTF8.textToBytes("1234567890123456");
var aes256key:Array = UTF8.textToBytes("12345678901234561234567890123456");
var aes256enc:Array = AES.encrypt(aes256key, PKCS7.pad(utf8Bytes, 16), OperationMode.CTR, aes256iv); // Encrypt in CTR mode. Needs padding.
var aes256dec:Array = PKCS7.unpad(AES.decrypt(aes256key, aes256enc, OperationMode.CTR, aes256iv)); // Decrypt in CTR mode. Needs unpadding.