tplockbox's People

Contributors

seanbdurkin

tplockbox's Issues

Encryption fail or setup fail?

The following code fails. The encryption outputs two blocks when it should only output one. The first 16 bytes of 'outs' do match 'refs' though.

The KAT I'm using is the first on page 20 of http://csrc.nist.gov/groups/STM/cavp/documents/aes/AESAVS.pdf

procedure Check_tplockboxAES.SetUp;
begin
  inherited;
  Codec := TCodec.Create(nil);
  CryptoLib := TCryptographicLibrary.Create(nil);
  Codec.CryptoLibrary := CryptoLib;
  Codec.StreamCipherId := TPLB3.Constants.BlockCipher_ProgId;
  Codec.BlockCipherId := format(TPLB3.Constants.AES_ProgId, [128]);
  Codec.ChainModeId := TPLB3.Constants.ECB_ProgId;
  ks   := TBytesStream.Create();
  ins  := TBytesStream.Create();
  outs := TBytesStream.Create();
  refs := TBytesStream.Create();
end;

procedure Check_tplockboxAES.TearDown;
begin
  inherited;
  ks.free;
  ins.free;
  outs.free;
  refs.free;
end;

procedure Check_tplockboxAES.VerifyEncryptDecryptCycle;
begin
  HexToStream('00000000000000000000000000000000', ks);
  hextostream('80000000000000000000000000000000', ins);
  hextostream('3ad78e726c1ec02b7ebfe92b23d9ec34', refs);
  Codec.InitFromStream(ks);
  Codec.EncryptStream(ins, outs);
  check(comparememorystreams(outs, refs), format('refs: %s  outs: %s', [streamtohex(refs), streamtohex(outs)]));
end;

It does not compile for IOS64

run\TPLB3.Random.pas(217) Error: E2037 Declaration of 'Read' differs from previous declaration
D:\Developer\Embarcadero\LockBox3\run\TPLB3.Random.pas(229) Error: E2003 Undeclared identifier: 'FAvail'
run\TPLB3.Random.pas(230) Error: E2003 Undeclared identifier: 'FBuffer'
run\TPLB3.Random.pas(234) Warning: W1023 Comparing signed and unsigned types - widened both operands
run\TPLB3.Random.pas(235) Error: E2003 Undeclared identifier: 'Crunch'
run\TPLB3.Random.pas(277) Error: E2037 Declaration of 'Write' differs from previous declaration
run\TPLB3.Random.pas(57) Error: E2065 Unsatisfied forward or external declaration: 'TRandomStream.Read'
run\TPLB3.Random.pas(58) Error: E2065 Unsatisfied forward or external declaration: 'TRandomStream.Write'
run\TPLB3.StreamUtils.pas(160) Fatal: F2063 Could not compile used unit 'TPLB3.Random.pas'

Integer overflow and other errors

Hello!

I use your library, it does a good business (I haven't found anything better). It's far from perfect (I close my eyes to that), but one thing is insulting me all the time.
When I compile any project with the correct debugging setup (I mean range check, overflow check, etc.), I get errors in your library all the time. I understand that these errors are false because you just assume that in certain portions of your code. But can you add compiler directives to turn off these checks for your units if you do not respect these settings? (I can do it on my own, but then with each new version, when I update, I need to do that again in the inc file.)

Thank you in advance.

RSA sign sha1 using private key

For private content from an Amazon CloudFront distribution, the API requires signing a json string using SHA1, and this is to be done with a private key provided by Amazon in PEM format. Reference: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html

Using Windows command line, this signing step can be done with OpenSSL.exe (tested v1.0.2g) as follows:

type input.utf8.json | bin\openssl.exe sha1 -sign private.key.pem | bin\openssl.exe base64 > output.signed.viaopenssl.base64.txt

Basically that pipes the json string into openssl, which signs it, and the last step converts the binary to base64. The resulting base64 needs 3 replacements before it can be used in a URL, but it is sufficiently human-readable to see when it is a match.

sig.Replace(sLineBreak, '').Replace('+', '-').Replace('=', '_').Replace('/', '~');

The json string contains the policy, which defines the rules that CloudFront must follow when deciding whether to serve the file or say 'access denied.'

I am convinced that the json policy signature from openssl.exe is correct in that (a) it is accepted by the CloudFront http server, proven by the fact that the requested file is in fact served up, and (b) the signature matches exactly to the signature generated by CloudBerry Explorer for the same policy conditions (i.e. when the input json is the same in terms of url, expiration time and ip number restrictions).

For these reasons a+b, I am fairly confident that I know the "correct" signature output.

The TOpenSSL_Signatory.Sign method is not doing the same thing as the openssl command line, specifically this part

type input.utf8.json | bin\openssl.exe sha1 -sign private.key.pem

I have read through the source a few times but I do not see the reason for the discrepancy or any properties on the TOpenSSL_Signatory object that would control this.

I am fairly convinced that my inputs are correct, those being the PEM itself and the utf8 json string.

I am compiling with Delphi 10.1 Berlin for win32.

If anyone is available to help, I will upload a sample project to show the problem and provide the details so you can create a PEM within the Amazon console. That step only takes a few minutes if you have an AWS account.
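
What the OpenSSL command line in the post above computes for an RSA key, written out as an added example (not code from the post or from LockBox): SHA-1 over the input bytes, wrapped in a DigestInfo, padded per PKCS#1 v1.5, then the private-key operation, followed by the three URL replacements the post quotes. The key is a constructed toy key and the function names are illustrative; the intermediate encoded block is the byte-level reference to compare another signer against.

```python
import base64
import hashlib

# DER prefix of the DigestInfo structure for SHA-1 (RFC 8017, section 9.2).
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

# Constructed toy key for the demo only: two Mersenne primes, NOT a secure key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8       # modulus length in bytes


def emsa_pkcs1_v15_sha1(message: bytes, em_len: int) -> bytes:
    """Encoded block: 00 01 FF..FF 00 || DigestInfo(SHA-1(message))."""
    t = SHA1_DIGESTINFO_PREFIX + hashlib.sha1(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("modulus too short for a SHA-1 DigestInfo")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def sign_sha1(message: bytes) -> bytes:
    """RSASSA-PKCS1-v1_5 with SHA-1, the scheme `openssl sha1 -sign` uses for RSA keys."""
    em = int.from_bytes(emsa_pkcs1_v15_sha1(message, K), "big")
    return pow(em, D, N).to_bytes(K, "big")


def verify_sha1(message: bytes, signature: bytes) -> bool:
    """Recover the encoded block with the public key and compare it whole."""
    if len(signature) != K:
        return False
    recovered = pow(int.from_bytes(signature, "big"), E, N).to_bytes(K, "big")
    return recovered == emsa_pkcs1_v15_sha1(message, K)


def cloudfront_safe(signature: bytes) -> str:
    """Base64, then the three character replacements quoted in the post."""
    b64 = base64.b64encode(signature).decode("ascii")
    return b64.replace("+", "-").replace("=", "_").replace("/", "~")


if __name__ == "__main__":
    # Constructed sample policy; a real one carries the URL, expiry and IP rules.
    policy = b'{"Statement":[{"Resource":"https://example.invalid/file"}]}'
    sig = sign_sha1(policy)
    print(verify_sha1(policy, sig), cloudfront_safe(sig))
```

The signature is deterministic for a given key and input, so two implementations of this scheme fed the same bytes must produce identical output; any difference in the input encoding, line endings or hashing step shows up as a completely different signature.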

TCodec.DecryptStream compatibility

Previously I was using SeanBDurkin/tplockbox 3.6.3.0. I installed the Delphi 10 Seattle LockBox 3.5.0 package from IDE GetIt and I cannot get my previously encrypted files to be decrypted with TCodec.DecryptStream. Are the two versions compatible? Here is my component configuration:

object Codec1: TCodec
  AsymetricKeySizeInBits = 1024
  AdvancedOptions2 = []
  CryptoLibrary = CryptographicLibrary1
  Left = 616
  Top = 24
  StreamCipherId = 'native.StreamToBlock'
  BlockCipherId = 'native.3DES.1'
  ChainId = 'native.CBC'
end
object CryptographicLibrary1: TCryptographicLibrary
  Left = 624
  Top = 88
end

Thanks
