Crypto AES256 v4.3.2.1 D11 encryption Key 256 CBC is not compatible with v4.3.0.4 AES encryption

Aldo_Victoria_Garcia · October 7, 2021, 10:49pm

Hi,

Im migrating my 10.4.2 app to D11, so i downloaded current v4.3.2.1 TMS crypto version.

The problem is that the encrypted data made with v4.3.0.4 is not compatible with v4.3.2.1. Im getting this error:

Project app.apk raised exception class ECryptoPack with message 'error : in AES, the cipher text cannot be decrypted because the padding is not correct!

Would like support with this case, because now i have an encrypted database that my app cant read.

Bernard · October 8, 2021, 6:04am

Hi Aldo,
I would need more details to look at this. Can you provide a some code?
bernard

Aldo_Victoria_Garcia · October 8, 2021, 1:12pm

Hi Bernard,

var
aesencriptar : TAESEncryption;
test : string;
ENCRYPTED_TEXT : string;
begin

aesencriptar := TAESEncryption.Create(self);
aesencriptar.AType := atCBC;
aesencriptar.keyLength := kl256;
aesencriptar.paddingMode := TPaddingMode.PKCS7;

aesencriptar.IV := '2jsffm394SFFmsa';
aesencriptar.key := 'n@#msd9fkfsakfas1SAcm39nFA032ds' ;

test := aesencriptar.decrypt(ENCRYPTED_TEXT);

//ENCRYPTED_TEXT comes form the database;
end;

Any more info, just please let me kwow.

Thanks!

Regards,
Aldo Victoria

Bernard · October 11, 2021, 6:57am

Hi Aldo,
Your IV only has 15 characters:
aesencriptar.IV := '2jsf fm39 4SFF msa'; <= the last group has 3 letters only (or you need a conversion)
And the key only has 31 characters:
aesencriptar.key := 'n@#m sd9f kfsa kfas 1SAc m39n FA03 2ds' ;

Regards,
bernard

Aldo_Victoria_Garcia · October 11, 2021, 9:39am

Hi Bernard,

Sorry, you are right. Now correct my example

var
aesencriptar : TAESEncryption;
test : string;
ENCRYPTED_TEXT : string;
begin

aesencriptar := TAESEncryption.Create(self);
aesencriptar.AType := atCBC;
aesencriptar.keyLength := kl256;
aesencriptar.paddingMode := TPaddingMode.PKCS7;

aesencriptar.IV := '2jsrbQ394SPFmsaL';
aesencriptar.key := 'n@#msd9fkfOakfas1SQ!@cm39nFA032d' ;

test := aesencriptar.decrypt(ENCRYPTED_TEXT);

//ENCRYPTED_TEXT comes form the database;
end;

Bernard · October 11, 2021, 9:59am

Hi Aldo,
That's better. Can you provide a sample of the ENCRYPTED_TEXT?
Regards,
bernard

Aldo_Victoria_Garcia · October 11, 2021, 12:50pm

Hi Bernard,

Created this example:

aesencriptar := TAESEncryption.Create(self);
aesencriptar.AType := atCBC;
aesencriptar.keyLength := kl256;
aesencriptar.paddingMode := TPaddingMode.PKCS7;

aesencriptar.IV := 'DGUpltToscainLee';
aesencriptar.key := 'DGursoSTClnPyAleQryAlertasSinLee' ;

test := aesencriptar.decrypt('5A7579B3ABA3D60BED7EC626FA8ED7E0013DB4EC6FD0D126B2684231AC89502E4D65A5CF45E3BFFF54EE18A62F1A3AFE');

Any more info, just please let me know.

You can do a test encrypting with v4.3.0.4 using this key/IV
IV := 'DGUpltToscainLee';
key := 'DGursoSTClnPyAleQryAlertasSinLee' or any another key/IV and it wont decrypt with v4.3.2.1 using the same Key/IV

Bernard · October 11, 2021, 2:57pm

Hi Aldo,

What is is original size of the string you have encrypted?

Regards,

bernard

Aldo_Victoria_Garcia · October 11, 2021, 3:09pm

Hi Bernard,

Original text size 19 characters.

Aldo_Victoria_Garcia · October 11, 2021, 4:04pm

If somehow it can help. I have tested on Delphi 10.4.2 and is working the encryption / decryption with AES and is compatible with TMS Crypto v4.3.0.4 and v4.3.2.1.

The problem is only with Delphi 11.

Bernard · October 11, 2021, 4:17pm

Aldo,
Thanks, I have noticed the same thing and that's why I am bit 'lost' as there is no change in the AES code whatsoever between these versions.

Aldo_Victoria_Garcia · October 12, 2021, 2:59pm

Hi Bernard,

Hope that you are doing fine.

Could you give me any update about this issue?

Bernard · October 12, 2021, 3:09pm

Hi Aldo,

It looks like either the key or the IV (or both) is wrong or incorrectly converted.

I have tried to decrypt with the original C primitives (AES_DecryptString / AES_DecryptBinaryBuffer) and get the same error.

I don't see where the problem lies at this stage.

Does the original code convert anything?

Regards,

bernard

Bernard · October 12, 2021, 4:33pm

Aldo,

To be on the safe side I rerun the tests from NIST Special Publication 800-38A (Recommendation for Block Cipher Modes of Operation) and all of them passed for the ECB 256 and CBC 256 modes and key size in RAD Studio 11. Which brings even more confusion and most likely locates the problem in a conversion operation or similar.

Regards,

bernard

Aldo_Victoria_Garcia · October 13, 2021, 1:44am

Hi Bernard,

Does the original code convert anything? Yes. Is working fine on Delphi 10.4.2 the AES256 encrypt/decrypt of the database but when i compile on D11 it gives the error Project app.apk raised exception class ECryptoPack with message 'error : in AES, the cipher text cannot be decrypted because the padding is not correct!

Thanks.

Bernard · October 13, 2021, 3:43pm

Hi Aldo,
Could you you send me the v4.3.0.4 AESObj.pas, MiscObj.pas (in the main TMS CP directory) and aes.obj and aes_mode.obj (in the libWin32 folder), together with a cleartext/cryptogram pair and the IV and key for this pair?

bernard@tmssoftware.com

Thanks,
bernard

Aldo_Victoria_Garcia · October 13, 2021, 6:33pm

Hi Bernard,

Unfortunately i uninstalled version v4.3.0.4 and i cant find the installation file.

Send the example pair and key, with encrypted and plain text to your email.

Thanks!

Regards,
Aldo Victoria

Aldo_Victoria_Garcia · October 25, 2021, 2:21pm

Hi Bernard,

Hope that you are doing fine by there.

Any news about this bug ?

Thanks!

Bernard · November 22, 2021, 10:15am

To All Readers of this thread,

Here is the closure on this report.

There is no bug in the AES library, the issue was with Delphi 11 (and I could not reproduce it with my version) and was fixed with the release of patch #1.

Bernard

Aldo_Victoria_Garcia · November 22, 2021, 2:15pm

Thanks a lot for the great support Bernard!