Re: [racket] PLaneTs crypto lib usage question?...

Wed, 18 Apr 2012 07:13:19 -0700

ok, I figured out the raised exception part... turns out the OpenSSL interface is a little bit too rigurous with respect to lib failure returns; they are all translated to raised errors. Can easily be eliminated by modifying check_error() in error.ss. But about the other question... very likely I don't understand enough about the meaning of init vectors, but shouldn' a strong encryption algorithm completly garble the cipher if only one part of the input changes to prevent attacks?... 

Quoting Rüdiger Asche <r...@ruediger-asche.de>:


I'm doodling around with vyzo's crypto lib from PLaneT, doing some very
rudimentary crypting and encrypting. I'm undoubtedly doing something
wrong, I just don't know what...

Here's my code (running from a directory that contains the crypto files):

(require srfi/78
         "main.ss"
         (only-in "util.ss" hex))

(require file/sha1)

(define devicekey (list->bytes '(#x12 #x34 #x56 #x78 #x87 #x65 #x43
#x26 #x12 #x34 #x56 #x78 #x87 #x65 #x43 #x26)))  ; must be length 16!!!

(define nonce (list->bytes '(#x12 #x34 #x56 #x78 #x87 #x65 #x43 #x26
#x12 #x34 #x56 #x78 #x87 #x65 #x43 #x27)))  ; must be length 16!!!

(define devicekey1 (list->bytes '(#x12 #x34 #x56 #x88 #x87 #x65 #x43
#x26 #x12 #x34 #x56 #x78 #x87 #x65 #x43 #x26)))  ; must be length 16!!!

(define nonce1 (list->bytes '(#x12 #x34 #x56 #x78 #x87 #x66 #x43 #x26
#x12 #x34 #x56 #x78 #x87 #x65 #x43 #x27)))  ; must be length 16!!!

(define dummy (encrypt cipher:aes-128 devicekey nonce #"1234567887654321"))

(bytes->hex-string dummy)

(decrypt cipher:aes-128 devicekey nonce dummy)

(decrypt cipher:aes-128 devicekey1 nonce dummy)

(decrypt cipher:aes-128 devicekey nonce1 dummy)

In effect, I hardcode two distinct AES keys, 2 initialization vectors
(wich I call nonce) and one piece of plain text to encrypt and decrypt.

Here are the results of the last three lines when executed in Racket:

(decrypt cipher:aes-128 devicekey nonce dummy)
#"1234567887654321"                            <== 1



(decrypt cipher:aes-128 devicekey1 nonce dummy)
EVP_CipherFinal_ex: libcrypto error: bad decrypt [digital envelope
routines:EVP_
DecryptFinal_ex:101077092]                     <== 2



(decrypt cipher:aes-128 devicekey nonce1 dummy)
#"1234557887654321"                            <== 3

So the first decryption (with the correct key and iv) yields the
expected result. Everything fine here.

When I decrypt with the correct iv but a wrong key, the OpenSSL Crypto
Lib raises an error. I think that is wrong; it should simply return
garbled output?

And when I decrypt with the correct key but an invalid init vector, I
would expect the decryption result to be radically different from the
original; instead, there is only one byte varying as if the iv only
does some weak manipulation on the input before doing the encryption?
Is that the way AES-128 works?

AES-192 is pretty much exactly the same:

Welcome to Racket v5.2.1.

(require srfi/78

         "main.ss"
         (only-in "util.ss" hex))



(require file/sha1)



(define devicekey (list->bytes '(#x12 #x34 #x56 #x78 #x87 #x65 #x43
#x26 #x12 #x
34 #x56 #x78 #x87 #x65 #x43 #x26 #x12 #x34 #x56 #x78 #x87 #x65 #x43
#x26)))  ; m
ust be length 24!!!



(define nonce (list->bytes '(#x12 #x34 #x56 #x78 #x87 #x65 #x43 #x26
#x12 #x34 #
x56 #x78 #x87 #x65 #x43 #x27 #x12 #x34 #x56 #x78 #x87 #x65 #x43 #x26)))
 ; must
be length 24!!!



(define devicekey1 (list->bytes '(#x12 #x34 #x56 #x88 #x87 #x65 #x43
#x26 #x12 #
x34 #x56 #x78 #x87 #x65 #x43 #x26 #x12 #x34 #x56 #x78 #x87 #x65 #x43
#x26)))  ;
must be length 24!!!



(define nonce1 (list->bytes '(#x12 #x34 #x56 #x78 #x87 #x66 #x43 #x26
#x12 #x34
#x56 #x78 #x87 #x65 #x43 #x27 #x12 #x34 #x56 #x78 #x87 #x65 #x43
#x26)))  ; must
 be length 24!!!



(define dummy (encrypt cipher:aes-192 devicekey nonce
#"123456788765432112345678
"))



(bytes->hex-string dummy)
"a5de853635ea2f7a61d709a7e2c877db1c6b15929d9559ff51e1fd470c6bf4a8"



(decrypt cipher:aes-192 devicekey nonce dummy)
#"123456788765432112345678"



(decrypt cipher:aes-192 devicekey1 nonce dummy)
EVP_CipherFinal_ex: libcrypto error: bad decrypt [digital envelope
routines:EVP_
DecryptFinal_ex:101077092]



(decrypt cipher:aes-192 devicekey nonce1 dummy)
#"123455788765432112345678"




Any ideas what is going on here?

Thanks!



____________________
 Racket Users list:
 http://lists.racket-lang.org/users





____________________
 Racket Users list:
 http://lists.racket-lang.org/users

Reply via email to