Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Java Development

Reply
Developer
anta40
Posts: 224
Registered: ‎07-26-2010
My Device: Z10

Weird result of 128-bit AES string decryption

I found this PHP code, which is supposed to encrypted/decrypt string using 128-bit AES

<?php

function encrypt($str, $key) {
  $key = $this->hex2bin($key);    

  $td = mcrypt_module_open("rijndael-128", "", "cbc", "fedcba9876543210");

  mcrypt_generic_init($td, $key, "fedcba9876543210");
  $encrypted = mcrypt_generic($td, $str);

  mcrypt_generic_deinit($td);
  mcrypt_module_close($td);

  return bin2hex($encrypted);
}

function decrypt($code, $key) {
  $key = $this->hex2bin($key);
  $code = $this->hex2bin($code);

  $td = mcrypt_module_open("rijndael-128", "", "cbc", "");

  mcrypt_generic_init($td, $key, "fedcba9876543210");
  $decrypted = mdecrypt_generic($td, $code);

  mcrypt_generic_deinit($td);
  mcrypt_module_close($td);

  return utf8_encode(trim($decrypted));
}

function hex2bin($hexdata) {
  $bindata = "";

  for ($i = 0; $i < strlen($hexdata); $i += 2) {
    $bindata .= chr(hexdec(substr($hexdata, $i, 2)));
  }

  return $bindata;
}

 And I also found this BlackBerry code, which is to decrypt the string using 128-bit AES

public static String AES_decrypt(byte[] inputData, String inputKey) throws CryptoException, IOException {
		// First, create the AESKey again.
	    AESKey key = new AESKey(inputKey.getBytes("UTF-8"));

	    // Now, create the decryptor engine.
	    AESDecryptorEngine engine = new AESDecryptorEngine(key);
	    // Since we cannot guarantee that the data will be of an equal block length
	    // we want to use a padding engine (PKCS5 in this case).
	    PKCS5UnformatterEngine uengine = new PKCS5UnformatterEngine(engine);

	    // Create the BlockDecryptor to hide the decryption details away.
	    ByteArrayInputStream input = new ByteArrayInputStream(inputData);
	    BlockDecryptor decryptor = new BlockDecryptor(uengine, input);

	    // Now, read in the data.
	    byte[] temp = new byte[100];
	    DataBuffer buffer = new DataBuffer();

	    for (;;) {
	        int bytesRead = decryptor.read(temp);
	        buffer.write(temp, 0, bytesRead);

	        if (bytesRead < 100) {
	            // We ran out of data.
	            break;
	        }
	    }

	    byte[] plaintext = buffer.getArray();
	    return new String(plaintext);

	}
	

 

Given input=hello world and pass=1234567890123456, the output of the PHP script is 02a9b3d7a858164c24be33e2d47543f4.

 

And when I try to decrypt that using the same key in BlackBerry:

String decrypted = AES_decrypt(encrypted.getBytes(), key);
Dialog.inform("Decrypted: "+decrypted);

 

The result is weird:

weird_result.jpg

 

How to get the proper result?

Developer
peter_strange
Posts: 19,610
Registered: ‎07-14-2008
My Device: Not Specified

Re: Weird result of 128-bit AES string decryption

There is no mention of a padding engine in your php code, so unless you use data that is exactly a multiple of 16 bytes, I am not sure that you will see the same thing.  I would suggest that you try some test data that is 16 bytes long, and perhaps try some that is longer than 16 bytes to see if the first 16 bytes are correctly processed. 

 

I have done some work where a server encrypts some data that is decrypted on the Blackberry.  I am not a php coder so I'm not sure what the code actually does, but I believe the following is the php code that this application uses (changed a little for readability).  I don't know what padding this uses, but it only encrypts 16 bytes, so this is not relevant.

 

$encrypted = mcrypt_ecb(MCRYPT_RIJNDAEL_128, <key>, <16 byte data>, MCRYPT_ENCRYPT));

Developer
anta40
Posts: 224
Registered: ‎07-26-2010
My Device: Z10

Re: Weird result of 128-bit AES string decryption

Hmm I see. Anyway, I'm not a PHP coder too, and now I'm stuck :smileyindifferent:

 

BTW, I found another code:

<?php

$input = $_GET['input'];
$key = $_GET['key'];

echo getEncrypt(pkcs5_pad($input, 16), $key);

function getEncrypt($sStr, $sKey) {
    return base64_encode(
        mcrypt_encrypt(
            MCRYPT_RIJNDAEL_128, 
            base64_decode($sKey),
            $sStr,
            MCRYPT_MODE_ECB
        )
    );
}

function getDecrypt($sStr, $sKey) {
    return mcrypt_decrypt(
        MCRYPT_RIJNDAEL_128, 
        base64_decode($sKey), 
        base64_decode($sStr), 
        MCRYPT_MODE_ECB
    );
}

function pkcs5_pad($text, $blocksize){
	$pad = $blocksize - (strlen($text) % $blocksize);
	return $text . str_repeat(chr($pad), $pad);
}

?>

 

Also yields the weird result :Eek:

Developer
peter_strange
Posts: 19,610
Registered: ‎07-14-2008
My Device: Not Specified

Re: Weird result of 128-bit AES string decryption

In my experience, this is always an issue when you are comparing encryption across platforms. 

 

To resolve this sort of thing in the past, I have had it resort to the following long winded process:

 

1) I take a very simple key, very simple plain text, and made sure I can round-trip that in my more difficult platform (usually the Server).  By round-trip I could encrypt the text and get it back.

 

I would do this using plain ASCII bytes so that you do not have to worry about anything else like base64 encoding.  Do that later.  

 

Once you have a round-trip working on one end, take the same key and data and do the same thing at the other end.  Make sure you can round trip the data. 

 

And remember that php is a funny scripting language, so you need to be 100% sure what the data is using actually is (at a binary level).

 

Then spend time on whichever end is easy to test on, playing with the encryption until both ends produce the same cipher text from your plain text and both ends can decrypt that.

 

Do this with 16 bytes, so that you are not worried about padding or Block Chaining. 

 

It is fun!  NOT.