AES decrypt problem

luis.gasca · 2014-04-25T02:06:41+00:00

Hello! On Wed, Apr 23, 2014 at 7:25 PM, 范洪毅 wrote: > now wo use ngx_lua online, > qps 2000 ,cpu more than 60%, >...

AES decrypt problem

luis.gasca

Hi,

We are porting part of our back-end from PHP to openresty and I am having some problems decrypting a AES encrypted string.

This is the PHP code

function aes_decrypt($sStr, $sKey) {

return mcrypt_decrypt(

MCRYPT_RIJNDAEL_128,

$sKey,

base64_decode($sStr),

MCRYPT_MODE_ECB

);

}

echo aes_decrypt("tkKbFgvUw39xxwKswwRt9w==","our256bitskey");

Using openssl command line client, I am able to decrypt it with the following command

echo -ne "tkKbFgvUw39xxwKswwRt9w==" | base64 -d | openssl enc -d -aes-256-ecb -nosalt -nopad -A -K our256bitskeyHEXencoded

And here is the lua code we are using:

local m = "tkKbFgvUw39xxwKswwRt9w=="

local aes_256_ecb = aes:new("our256bitskey",nil,aes.cipher(256,"ecb"))

local dm = ngx.decode_base64(m)

local msisdn = aes_256_ecb:decrypt(dm)

return msisdn

decrypt is returning nil in the C.EVP_DecryptFinal_ex call

Any hint ?

Thanks,

Luis

iscander

Hi
Is it misstyped?
mcrypt_decrypt(
        MCRYPT_RIJNDAEL_128
You use 128bit at PHP function call, but -aes-256-ecb in command line?
What Lua SSL library do you use?

2014-04-24 21:06 GMT+03:00  <luis...@interactive3g.com>:
> Hi,
>
> We are porting part of our back-end from PHP to openresty and I am having
> some problems decrypting a AES encrypted string.
>
> This is the PHP code
>
> function aes_decrypt($sStr, $sKey) {
>     return mcrypt_decrypt(
>         MCRYPT_RIJNDAEL_128,
>         $sKey,
>         base64_decode($sStr),
>         MCRYPT_MODE_ECB
>     );
> }
>
> echo aes_decrypt("tkKbFgvUw39xxwKswwRt9w==","our256bitskey");
>
> Using openssl command line client, I am able to decrypt it with the
> following command
>
> echo -ne "tkKbFgvUw39xxwKswwRt9w==" | base64 -d | openssl enc -d
> -aes-256-ecb -nosalt -nopad -A -K our256bitskeyHEXencoded
>
> And here is the lua code we are using:
>
> local m = "tkKbFgvUw39xxwKswwRt9w=="
> local aes_256_ecb = aes:new("our256bitskey",nil,aes.cipher(256,"ecb"))
> local dm = ngx.decode_base64(m)
> local msisdn = aes_256_ecb:decrypt(dm)
> return msisdn
>
> decrypt is returning nil in the  C.EVP_DecryptFinal_ex call
>
> Any hint ?
>
> Thanks,
> Luis.



-- 
My best wishes.
Alexandr Ogurtsov.

Linux is very friendly it is just picky who its friends are

luis.gasca

Hi,

No, it´s ok. This was the first problem that I had, but MCRYPT_RIJNDAEL_128 refers to the block size and aes-256-ecb refers to the key size. In my case, our key is 256-bits. Note that I am able to decrypt it with openssl client using aes-256-ecb

I am using openresty 1.5.8.1. How do I get SSL library version ?

Thanks,

Luis

El jueves, 24 de abril de 2014 20:14:31 UTC+2, Alexandr R. Ogurtzoff escribió:

Hi
Is it misstyped?
mcrypt_decrypt(
MCRYPT_RIJNDAEL_128
You use 128bit at PHP function call, but -aes-256-ecb in command line?
What Lua SSL library do you use?

2014-04-24 21:06 GMT+03:00 <luis....@interactive3g.com>:
> Hi,
>
> We are porting part of our back-end from PHP to openresty and I am having
> some problems decrypting a AES encrypted string.
>
> This is the PHP code
>
> function aes_decrypt($sStr, $sKey) {
> return mcrypt_decrypt(
> MCRYPT_RIJNDAEL_128,
> $sKey,
> base64_decode($sStr),
> MCRYPT_MODE_ECB
> );
> }
>
> echo aes_decrypt("tkKbFgvUw39xxwKswwRt9w==","our256bitskey");
>
> Using openssl command line client, I am able to decrypt it with the
> following command
>
> echo -ne "tkKbFgvUw39xxwKswwRt9w==" | base64 -d | openssl enc -d
> -aes-256-ecb -nosalt -nopad -A -K our256bitskeyHEXencoded
>
> And here is the lua code we are using:
>
> local m = "tkKbFgvUw39xxwKswwRt9w=="
> local aes_256_ecb = aes:new("our256bitskey",nil,aes.cipher(256,"ecb"))
> local dm = ngx.decode_base64(m)
> local msisdn = aes_256_ecb:decrypt(dm)
> return msisdn
>
> decrypt is returning nil in the C.EVP_DecryptFinal_ex call
>
> Any hint ?
>
> Thanks,
> Luis.

--
My best wishes.
Alexandr Ogurtsov.

Linux is very friendly it is just picky who its friends are

ykotik

any update on this ?

Четвер, 24 квітня 2014 р. 21:25:09 UTC+3 користувач luis....@interactive3g.com написав:

Hi,

No, it´s ok. This was the first problem that I had, but MCRYPT_RIJNDAEL_128 refers to the block size and aes-256-ecb refers to the key size. In my case, our key is 256-bits. Note that I am able to decrypt it with openssl client using aes-256-ecb

I am using openresty 1.5.8.1. How do I get SSL library version ?

Thanks,
Luis

El jueves, 24 de abril de 2014 20:14:31 UTC+2, Alexandr R. Ogurtzoff escribió:
Hi
Is it misstyped?
mcrypt_decrypt(
MCRYPT_RIJNDAEL_128
You use 128bit at PHP function call, but -aes-256-ecb in command line?
What Lua SSL library do you use?

2014-04-24 21:06 GMT+03:00 <luis....@interactive3g.com>:
> Hi,
>
> We are porting part of our back-end from PHP to openresty and I am having
> some problems decrypting a AES encrypted string.
>
> This is the PHP code
>
> function aes_decrypt($sStr, $sKey) {
> return mcrypt_decrypt(
> MCRYPT_RIJNDAEL_128,
> $sKey,
> base64_decode($sStr),
> MCRYPT_MODE_ECB
> );
> }
>
> echo aes_decrypt("tkKbFgvUw39xxwKswwRt9w==","our256bitskey");
>
> Using openssl command line client, I am able to decrypt it with the
> following command
>
> echo -ne "tkKbFgvUw39xxwKswwRt9w==" | base64 -d | openssl enc -d
> -aes-256-ecb -nosalt -nopad -A -K our256bitskeyHEXencoded
>
> And here is the lua code we are using:
>
> local m = "tkKbFgvUw39xxwKswwRt9w=="
> local aes_256_ecb = aes:new("our256bitskey",nil,aes.cipher(256,"ecb"))
> local dm = ngx.decode_base64(m)
> local msisdn = aes_256_ecb:decrypt(dm)
> return msisdn
>
> decrypt is returning nil in the C.EVP_DecryptFinal_ex call
>
> Any hint ?
>
> Thanks,
> Luis.

--
My best wishes.
Alexandr Ogurtsov.

Linux is very friendly it is just picky who its friends are

aapo.talvensaari

On Thursday, April 24, 2014 9:06:40 PM UTC+3, luis....@interactive3g.com wrote:

And here is the lua code we are using:

local m = "tkKbFgvUw39xxwKswwRt9w=="
local aes_256_ecb = aes:new("our256bitskey",nil,aes.cipher(256,"ecb"))
local dm = ngx.decode_base64(m)
local msisdn = aes_256_ecb:decrypt(dm)
return msisdn

I would be happy if you could test this with my lua-resty-nettle as well.

Here is the client code:

local aes = require "resty.nettle.aes"
local aes256 = aes.new("our256bitskey")
local msisdn = aes256:decrypt(ngx.decode_base64("tkKbFgvUw39xxwKswwRt9w=="))

The lua-resty-nettle library can be found from here:

https://github.com/bungle/lua-resty-nettle

The nettle c-lib can be found from here:

http://www.lysator.liu.se/~nisse/nettle/ (you need to place libnettle.so to Lua's package.cpath or edit nettle.lua (https://github.com/bungle/lua-resty-nettle/blob/master/lib/resty/nettle.lua), and point it with full path to your libnettle-library file).

You can compile nettle with the usual ./configure && make (on a Mac it will generate libnettle.dylib).

Regards

Aapo