mervick / aes-everywhere Goto Github PK

#0 0x00002aaaab21d207 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:55
#1 0x00002aaaab21e8f8 in __GI_abort () at abort.c:90
#2 0x00002aaaab25fd27 in __libc_message (do_abort=2, fmt=fmt@entry=0x2aaaab371678 "*** Error in `%s': %s: 0x%s \n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:196
#3 0x00002aaaab267d97 in malloc_printerr (ar_ptr=0x2aaaab5ad760 <main_arena>, ptr=0x45e360, str=0x2aaaab36ecf7 "corrupted size vs. prev_size", action=) at malloc.c:5004
#4 malloc_consolidate (av=av@entry=0x2aaaab5ad760 <main_arena>) at malloc.c:4161
#5 0x00002aaaab26967b in _int_malloc (av=av@entry=0x2aaaab5ad760 <main_arena>, bytes=bytes@entry=16) at malloc.c:3791
#6 0x00002aaaab26c1ac in __GI___libc_malloc (bytes=16) at malloc.c:2905
#7 0x000000000040380a in Pkcs7Padding(unsigned char, unsigned int) ()
#8 0x0000000000403b16 in AES256::encrypt(unsigned char const, unsigned long, unsigned char const) ()

cp: can't stat 'src/aes256.lua': No such file or directory

Error: Build error: Failed installing src/aes256.lua in /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/aes_everywhere/1.1.3-6/lua/aes_everywhere.lua: Failed copying src/aes256.lua to /usr/local/openresty/luajit/lib/luarocks/rocks-5.1/aes_everywhere/1.1.3-6/lua/aes_everywhere.lua

I have trouble to decrypt the encrypted data from Java (Android) by using the Python version.

Below are the encrypted data and decrypted data (using Java) using logging console

Encrypted value: U2FsdGVkX1+Fj1M3NjIHTzMbmWl2PCd0cbK0Dfw00R0= //plaintext is 'TEXT'
Secret Key: m6Cl+NAZ2hqxx8Ulg0WlXR16oiY1zG3O/OyJLKfmbFk= //generated by using SHA-256 for testing purposes
Decrypted value: TEXT

So it can be encrypted and decrypted perfectly using Java.

And below is my attempt to decrypt using Python

from aes256 import aes256

encrypted = b'U2FsdGVkX1+Fj1M3NjIHTzMbmWl2PCd0cbK0Dfw00R0=' #plaintext is 'TEXT', same as above
key = 'm6Cl+NAZ2hqxx8Ulg0WlXR16oiY1zG3O/OyJLKfmbFk=' #still the same key as above

print(encrypted)

# decryption
decrypted = aes256().decrypt(encrypted, key)
print(decrypted)

and it returned

b'U2FsdGVkX1+Fj1M3NjIHTzMbmWl2PCd0cbK0Dfw00R0='
b''

Which means the decryption failed.

However, if I use encryption and decryption key as simple as 'PASSWORD' on both languages, the decryption works.

Is my problem related to the generated key?

While executing your PHP Code, I am receiving several deprecated warnings, some of which are:

1. Deprecated: Function mcrypt_module_open()
2. Deprecated: Function mcrypt_generic_init()
3. Deprecated: Function mdecrypt_generic()
4. Deprecated: Function mcrypt_generic_deinit()
5. Deprecated: Function mcrypt_module_close()

Hello aes-everywhere folks;

I did a quick review of the code in this repo to determine its suitability for some sensitive applications, where the security guarantees provided by the encryption are mission-critical.

I strive to be friendly in my disclosures; I think this is a noble effort. Unfortunately, certain design choices in this repository make the encryption unsuitable for sensitive applications. Among them:

1. md5 is not suitable for a key derivation function. If you look at Latacora's Cryptographic Right Answers, they offer the following guidance on password handling:

   In order of preference, use scrypt, argon2, bcrypt, and then if nothing else is available PBKDF2.

   For a key derivation function to be secure, it should use a standard algorithm with security rooted in a cryptograhpically secure pseudorandom function. I recommend following Latacora's guidance here, and selecting a derivation function from one of their listed options.

   It's unclear if the key derivation algorithm is standard or homerolled. In any case, it's best to move to a modern, standard key derivation function rooted in a non-broken pseudorandom function if you must support password-based key derivation.

2. This library implements pkcs7 padding, but it doesn't authenticate the encrypted/padded data. This means adversaries can play games with the padding used. If you look at the Cryptopals post on exploiting CBC padding oracles, they explain how unauthenticated padding can be attacked to reveal secret information.

   To fix this, you should authenticate the padding information in addition to encrypting the secret information. There are two ways to go about doing this. The older way (a) is to add a MAC around the entire data packet, thereby ensuring that attackers who do not possess the secret key cannot modify the padding. The more modern approach (b) is to use what's called an AEAD construction. The common implementation here is NaCl secretbox, which has implementations in many languages (e.g., Go). The idea here is that rather than supporting MAC and Encrypt as separate functions that must be nested in a particular order, AEADs combine encryption and authentication into one function that does everything in the right order. This averts some notable issues with padding and encryption separately, summarized in Moxie Marlinspike's cryptographic doom principle.

I think these are important problems that undermine the security guarantees aes-everywhere is intended to provide. It's great that you've done all this implementation work bringing cross-platform, multi-language cryptography to the masses, but I think the cryptography choices could use some re-evaluation and are probably deserving of a new release that resolves these issues.

As things stand, the encryption is vulnerable when short passphrases are permitted (the 8 byte salt is too short to be very meaningful), and the unauthenticated padding means that black box network applications that support untrusted decrypt() calls might be attacked to reveal the secret data. All of these problems are fixable, but they would take some major changes to the library.

This could mislead users into a false sense of safety using the library, and if they're doing anything mission-critical these implementations are probably unsuitable.

Again, thanks for your work and the tough business of making something open-source. I hope I can convince you to make this into something better, secure enough to be worthy of widespread adoption.

Hello,
i have tried

String encrypted = Aes256.encrypt("TEXT", "PASSWORD");
System.out.println(encrypted);

but i get 👍
java.security.InvalidKeyException: Illegal key size
at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1039)
at javax.crypto.Cipher.implInit(Cipher.java:805)
at javax.crypto.Cipher.chooseProvider(Cipher.java:864)
at javax.crypto.Cipher.init(Cipher.java:1396)
at javax.crypto.Cipher.init(Cipher.java:1327)
at encrypturl.Aes256.encrypt(Aes256.java:64)

The current implementation works for string only, can you expose interface to encrypt and decrypt binary data?

It's not possible to encrypt bytes in Python 3 server and do decryption in C#, as the PKCS7 implementation supports str object only.

The documentation of the javascript version says "Works well both on the browsers". But the script actually doesn't run in the browser? It uses require, which assumed NodeJS?

Can you write a small shell script (e. g. bash or PowerShell) with the usage of the openssl console program? I know that I can use e.g. a python script and embedd it into a shell code but it would be great if there is a shell only implementation too

Thanks in advance!

There's no gettimeofday on WIndows either, can you fix it?

It would be great if Rust Language could be added.

Thank You

error: undefined reference to 'base64_decode(std::__ndk1::basic_string<char, std::__ndk1::char_traits, std::__ndk1::allocator > const&)'

when import it to android studio 4.1

I am trying to install this library and I am getting the following output and failure. Am I doing something wrong?

$ composer require mervick/aes-everywhere -vvv
Reading ./composer.json
Loading config file ./composer.json
Checked CA file /etc/pki/tls/certs/ca-bundle.crt: valid
Executing command (/home/foo): git branch --no-color --no-abbrev -v
Reading /home/foo/vendor/composer/installed.json
Running 1.5.1 (2017-08-09 16:07:22) with PHP 5.6.40 on Linux / 4.14.121-85.96.amzn1.x86_64
Downloading https://packagist.org/packages.json
Writing /home/foo/.composer/cache/repo/https---packagist.org/packages.json into cache
Reading /home/foo/.composer/cache/repo/https---packagist.org/p-provider-2013.json from cache
Reading /home/foo/.composer/cache/repo/https---packagist.org/p-provider-2014.json from cache
Reading /home/foo/.composer/cache/repo/https---packagist.org/p-provider-2015.json from cache
Reading /home/foo/.composer/cache/repo/https---packagist.org/p-provider-2016.json from cache
Reading /home/foo/.composer/cache/repo/https---packagist.org/p-provider-2017.json from cache
Reading /home/foo/.composer/cache/repo/https---packagist.org/p-provider-2018.json from cache
Reading /home/foo/.composer/cache/repo/https---packagist.org/p-provider-2018-10.json from cache
Reading /home/foo/.composer/cache/repo/https---packagist.org/p-provider-2019-01.json from cache
Reading /home/foo/.composer/cache/repo/https---packagist.org/p-provider-2019-04.json from cache
Reading /home/foo/.composer/cache/repo/https---packagist.org/p-provider-2019-07.json from cache
Reading /home/foo/.composer/cache/repo/https---packagist.org/p-provider-archived.json from cache
Reading /home/foo/.composer/cache/repo/https---packagist.org/p-provider-latest.json from cache
Reading /home/foo/.composer/cache/repo/https---packagist.org/provider-mervick$aes-everywhere.json from cache

[InvalidArgumentException]
Could not find package mervick/aes-everywhere at any version for your minimum-stability (stable). Check the package spelling or your minimum-stability

Exception trace:
() at phar:///usr/bin/composer/src/Composer/Command/InitCommand.php:647
Composer\Command\InitCommand->findBestVersionForPackage() at phar:///usr/bin/composer/src/Composer/Command/InitCommand.php:369
Composer\Command\InitCommand->determineRequirements() at phar:///usr/bin/composer/src/Composer/Command/RequireCommand.php:117
Composer\Command\RequireCommand->execute() at phar:///usr/bin/composer/vendor/symfony/console/Command/Command.php:266
Symfony\Component\Console\Command\Command->run() at phar:///usr/bin/composer/vendor/symfony/console/Application.php:861
Symfony\Component\Console\Application->doRunCommand() at phar:///usr/bin/composer/vendor/symfony/console/Application.php:208
Symfony\Component\Console\Application->doRun() at phar:///usr/bin/composer/src/Composer/Console/Application.php:245
Composer\Console\Application->doRun() at phar:///usr/bin/composer/vendor/symfony/console/Application.php:127
Symfony\Component\Console\Application->run() at phar:///usr/bin/composer/src/Composer/Console/Application.php:100
Composer\Console\Application->run() at phar:///usr/bin/composer/bin/composer:54
require() at /usr/bin/composer:24

require [--dev] [--prefer-source] [--prefer-dist] [--no-progress] [--no-suggest] [--no-update] [--no-scripts] [--update-no-dev] [--update-with-dependencies] [--ignore-platform-reqs] [--prefer-stable] [--prefer-lowest] [--sort-packages] [-o|--optimize-autoloader] [-a|--classmap-authoritative] [--apcu-autoloader] [--] []...

I am getting this error

line 89, in __derive_key_and_iv
    d_i = md5(d_i + password + salt).digest()
TypeError: must be str, not bytes

when I am trying to execute the python code

I am using it like this:

print(aes256.aes256().encrypt("Hello World", "pass"))

Hi!
Thanks for all your efforts!
Can you also add support for just regular binary files? I. e. encrypt/decrypt files instead of strings?
Thx

It will be aawesome if aes-everywhere for dart Language is made available. Thank You.

Java/JDK1.8/Docker

Can you please add golang as a language for this set of packages/modules?

Sorry for my english!

$ uname -a
Linux pt-ubuntu 4.15.0-66-generic #75~16.04.1-Ubuntu SMP Tue Oct 1 14:01:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

$ vi main.cpp

#include <stdlib.h>
#include <iostream>
#include <string.h>
#include <stdio.h>
#include <sys/time.h>
#include "aes256.h"
#include <stdint.h>

using namespace std;

int main(int argc, char ** argv)
{
    std::string text = std::string("Test string");
    std::string passphrase = std::string("PASSPHRASE");

    std::string encrypted = AES256::encrypt(text, passphrase);
    std::string decrypted = AES256::decrypt(encrypted, passphrase);

    cout  << encrypted << endl;
    cout << decrypted << endl;

    return 0;
}

After multiple tries (~10):
$ ./a.out

*** Error in `./a.out': malloc(): memory corruption (fast): 0x0000000001f09030 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7f3a8cb877e5]
/lib/x86_64-linux-gnu/libc.so.6(+0x82651)[0x7f3a8cb92651]
/lib/x86_64-linux-gnu/libc.so.6(__libc_malloc+0x54)[0x7f3a8cb94184]
./a.out[0x4041dc]
./a.out[0x4044b7]
./a.out[0x4046dc]
./a.out[0x404b72]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7f3a8cb30830]
./a.out[0x4015c9]
======= Memory map: ========
00400000-00408000 r-xp 00000000 00:33 2494940                            /home/peterpan/Downloads/aes-everywhere-master/cpp/build/a.out
00608000-00609000 r--p 00008000 00:33 2494940                            /home/peterpan/Downloads/aes-everywhere-master/cpp/build/a.out
00609000-0060a000 rw-p 00009000 00:33 2494940                            /home/peterpan/Downloads/aes-everywhere-master/cpp/build/a.out
01ef7000-01f29000 rw-p 00000000 00:00 0                                  [heap]
7f3a88000000-7f3a88021000 rw-p 00000000 00:00 0 
7f3a88021000-7f3a8c000000 ---p 00000000 00:00 0 
7f3a8c807000-7f3a8c90f000 r-xp 00000000 103:06 134432                    /lib/x86_64-linux-gnu/libm-2.23.so
7f3a8c90f000-7f3a8cb0e000 ---p 00108000 103:06 134432                    /lib/x86_64-linux-gnu/libm-2.23.so
7f3a8cb0e000-7f3a8cb0f000 r--p 00107000 103:06 134432                    /lib/x86_64-linux-gnu/libm-2.23.so
7f3a8cb0f000-7f3a8cb10000 rw-p 00108000 103:06 134432                    /lib/x86_64-linux-gnu/libm-2.23.so
7f3a8cb10000-7f3a8ccd0000 r-xp 00000000 103:06 134426                    /lib/x86_64-linux-gnu/libc-2.23.so
7f3a8ccd0000-7f3a8ced0000 ---p 001c0000 103:06 134426                    /lib/x86_64-linux-gnu/libc-2.23.so
7f3a8ced0000-7f3a8ced4000 r--p 001c0000 103:06 134426                    /lib/x86_64-linux-gnu/libc-2.23.so
7f3a8ced4000-7f3a8ced6000 rw-p 001c4000 103:06 134426                    /lib/x86_64-linux-gnu/libc-2.23.so
7f3a8ced6000-7f3a8ceda000 rw-p 00000000 00:00 0 
7f3a8ceda000-7f3a8cef0000 r-xp 00000000 103:06 136492                    /lib/x86_64-linux-gnu/libgcc_s.so.1
7f3a8cef0000-7f3a8d0ef000 ---p 00016000 103:06 136492                    /lib/x86_64-linux-gnu/libgcc_s.so.1
7f3a8d0ef000-7f3a8d0f0000 rw-p 00015000 103:06 136492                    /lib/x86_64-linux-gnu/libgcc_s.so.1
7f3a8d0f0000-7f3a8d262000 r-xp 00000000 103:06 1181328                   /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21
7f3a8d262000-7f3a8d462000 ---p 00172000 103:06 1181328                   /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21
7f3a8d462000-7f3a8d46c000 r--p 00172000 103:06 1181328                   /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21
7f3a8d46c000-7f3a8d46e000 rw-p 0017c000 103:06 1181328                   /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21
7f3a8d46e000-7f3a8d472000 rw-p 00000000 00:00 0 
7f3a8d472000-7f3a8d498000 r-xp 00000000 103:06 133461                    /lib/x86_64-linux-gnu/ld-2.23.so
7f3a8d66a000-7f3a8d670000 rw-p 00000000 00:00 0 
7f3a8d696000-7f3a8d697000 rw-p 00000000 00:00 0 
7f3a8d697000-7f3a8d698000 r--p 00025000 103:06 133461                    /lib/x86_64-linux-gnu/ld-2.23.so
7f3a8d698000-7f3a8d699000 rw-p 00026000 103:06 133461                    /lib/x86_64-linux-gnu/ld-2.23.so
7f3a8d699000-7f3a8d69a000 rw-p 00000000 00:00 0 
7ffcd8cbd000-7ffcd8cde000 rw-p 00000000 00:00 0                          [stack]
7ffcd8d27000-7ffcd8d2a000 r--p 00000000 00:00 0                          [vvar]
7ffcd8d2a000-7ffcd8d2c000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
Aborted (core dumped)

System.Security.Cryptography.CryptographicException: "Padding is invalid and cannot be removed."

File "/usr/local/python3/lib/python3.9/site-packages/aes_everywhere-1.2.8-py3.9.egg/AesEverywhere/aes256.py", line 32, in
from Crypto import Random
ModuleNotFoundError: No module named 'Crypto'

This is python3.5

I'm sure I have # -*- coding: utf-8 -*- at the top of the file, but not sure what's going on.

if __name__ == '__main__':    #code to execute if called from command-line
    test = '''©'''
    print(aes256().decrypt(aes256().encrypt(test, "pass"), "pass"))

self.__pkcs5_padding(raw) outputs

raw_padded b'\xc2\xa9\x0f\x0f\x0f\x0f\x0f\x0f\x0f\x0f\x0f\x0f\x0f\x0f\x0f\x0f\x0f'

Then throws an error at

cipher_encrypted = cipher.encrypt(raw_padded)

  File "/usr/local/lib/python3.5/site-packages/Crypto/Cipher/blockalgo.py", line 244, in encrypt
    return self._cipher.encrypt(plaintext)
ValueError: Input strings must be a multiple of 16 in length

I am using Java to encrypt and python to decrypt. Format of encrypted string is same in both cases (python & Java) but when I try decryption output result is in some kind of unicode data like "\x9f\xb79a\xf9\x8d...........". But this is not the case with Swift.

I noticed that the Base64 library requires API level 26 (Oreo), which is quite high. I am using my own phone (Nougat) to test my own app, so it doesn't work.

If I tried to change the library android.util.Base64, and modified codes from

return Base64.getEncoder().encodeToString(data);
final byte[] inBytes = Base64.getDecoder().decode(encrypted);

return Base64.encodeToString(data, Base64.DEFAULT);
final byte[] inBytes = Base64.decode(encrypted, Base64.DEFAULT);

On decryption, the error java.lang.IllegalArgumentException: Initial bytes from input do not match OpenSSL SALTED_MAGIC salt value. is thrown.

And of course even if it works, does it affect the libraries for other languages (especially Python, since I need to decrypt using Python)

Im getting a different result in c++ & php

Sorry for raising another issue, it may look trivial, but I have no idea to solve it.

I tried to implement the Python version by downloading aes256.py and creating a testing.py (both files are in the same folder).

For testing.py, I use the same code just like in the README.md

import aes256 from aes256

# encryption
print(aes256.encrypt('TEXT', 'PASSWORD'))

# decryption
print(aes256.decrypt('ENCRYPTED', 'PASSWORD'))

but it raises the error

import aes256 from aes256
SyntaxError: invalid syntax`

with the '^' symbol pointing to the letter 'm' of 'from'.

What I did was to modify the code to this:

import aes256 

aes256_v = aes256.aes256()

# encryption
print(aes256_v.encrypt('TEXT', 'PASSWORD'))

# decryption
print(aes256_v.decrypt('ENCRYPTED', 'PASSWORD'))

but now the error that appeared was

Traceback (most recent call last):
  File "<mydirectory>/Python Testing/testing.py", line 6, in <module>
    print(aes256_v.encrypt('TEXT', 'PASSWORD'))
  File "<mydirectory>\Python Testing\aes256.py", line 39, in encrypt
    return base64.b64encode(b'Salted__' + salt + cipher.encrypt(self.__pkcs5_padding(raw)))
  File "C:\Users\<myname>\AppData\Local\Programs\Python\Python36\lib\site-packages\Crypto\Cipher\_mode_cbc.py", line 160, in encrypt
    expect_byte_string(plaintext)
  File "C:\Users\<myname>\AppData\Local\Programs\Python\Python36\lib\site-packages\Crypto\Util\_raw_api.py", line 172, in expect_byte_string
    raise TypeError("Only byte strings can be passed to C code")
TypeError: Only byte strings can be passed to C code

I use VSCode and Python 3.6.3