Andrew Andrew - 3 months ago 32
Java Question

AES encryption cross-component Java/Scala and C

I am trying to do a cross-component encryption working between different system. Currently, I can't really match the outputs.
I am using openssl/aes/h library for C and javax.crypto for Java/Scala.
I don't have much flexibility in changing the code in the C system, so that leaves me in the need of modifying the Java/Scala code.

#include <string.h>
#include <openssl/aes.h>

char key[] = "aaaaaaaaaaaaaaaa";

int main(){
unsigned char text[]="hello";
unsigned char enc_out[80];
unsigned char dec_out[80];

AES_KEY enc_key, dec_key;

AES_set_encrypt_key(key, 128, &enc_key);
AES_encrypt(text, enc_out, &enc_key);
return 0
}


The C code roughly looks like that.Using the AES_set_encrypt_key and AES_encrypt calls except there is padding with 0s when needed (when key is not 128 bits). The padding shouldnt matter for this simple example.

In the scala code I have:

def aes_encrypt(value: String, k: String): Array[Byte] = {
val cipher = Cipher.getInstance("AES")
val key = Arrays.copyOf(k.getBytes("UTF-8"), 16)
val secretKey: SecretKeySpec = new SecretKeySpec(key, 0, key.length, "AES")
cipher.init(Cipher.ENCRYPT_MODE, secretKey)
cipher.doFinal(value.getBytes("UTF-8"), 0, value.getBytes("UTF-8").length)
}


Using the key "aaaaaaaaaaaaaaaa" and message "hello" , in base64

The C code gives "XaiMOCo7KteRUkejpd8JLA=="

in Scala/Java "7GHRfFgKVdaAiwti36tqDQ=="

I am trying to match the outputs, but I have not been able to do it.
I have tried different algorithm for the Scala code, but I am not sure how to match the C output.

I have tried to look into the documentation of AES_set_encrypt_key and AES_encrypt calls, but I couldn't dig too much out of it. I know that there are better user friendly calls from the openssl library like evp_encryption calls, but I can't get away from AES_set_encrypt_key and AES_encrypt

jww jww
Answer

I am trying to match the outputs, but I have not been able to do it...

For OpenSSL, you are operating the cipher in ECB mode, and you are responsible for the padding. I believe OpenSSL is encrypting 16 bytes composed of 6 characters (hello\0) and 10 garbage characters.

For Java, I believe you are using the cipher with AES/ECB/PKCS5Padding. value: String is unconditionally padded using PKCS padding. The padding also means 16 bytes of plaintext will expand to 32 bytes of ciphertext while OpenSSL remains at 16.

In cases like this, its often good to go back to test vectors to see which implementation is diverging. For AES, you often use Brian Gladman's vectors.


I have tried to look into the documentation of AES_set_encrypt_key and AES_encrypt calls, but I couldn't dig too much out of it. I know that there are better user friendly calls from the openssl library like evp_encryption calls, but I can't get away from AES_set_encrypt_key and AES_encrypt

OpenSSL does not document them because they don't want you using them. If you stay with AES_encrypt and friends, then you are married to a software-only implementation. You will also suffer endian-ness issues on occasion because EVP interfaces handle that for you. Finally, you will not enjoy hardware acceleration, like AES-NI on i686 or AES on ARMv8.


The C code gives XaiMOCo7KteRUkejpd8JLA==, in Scala/Java 7GHRfFgKVdaAiwti36tqDQ==

Related, the Scala/Java is correct if you are aiming for ECB mode with PKCS padding. I can duplicate the Scala/Java results with Crypto++ (its StreamTransformationFilter uses PKCS padding by default):

int main(int argc, char* argv[])
{
  byte key[] = "aaaaaaaaaaaaaaaa";
  ECB_Mode<AES>::Encryption enc(key, 16);
  string result;

  StringSource ss(string("hello"), true,
                  new StreamTransformationFilter(enc,
                       new Base64Encoder(
                           new StringSink(result))));

  cout << result << endl;

  return 0;
}

From Comments

I will try to do AES/ECB/NoPadding and the do the padding myself in Scala.

You will still need to avoid the garbage characters in the C program. Maybe something like the following will help you match Java's PKCS #7 padding (0x0b applied 11 times):

unsigned char text[] = "hello\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";

Here's a larger string padded with PKCS #7 padding (0x06 applied 6 times):

unsigned char text[] = "hellohello\x06\x06\x06\x06\x06\x06";

If the string is 16 in length, then apply 0x10 16 times.


When using ECB, does it require an IV vector?

No. ECB mode does not require an IV. It encrypts a 16-byte block under a key (and nothing more).

Comments