decrypting using tiny-AES-c

Time:03-14

I am using this C library, and have the following:

#include <stdio.h>
#include <string.h>
#include "aes.h"

int main(int argc, char *argv[]) {

  if (argc < 3) return 1;

  uint8_t *key = argv[1];

  uint8_t *content = argv[2];

  uint8_t iv[16] = { 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f,0x0f,0x0f};

  struct AES_ctx ctx;

  AES_init_ctx_iv(&ctx, key, iv);
  AES_CTR_xcrypt_buffer(&ctx, content, strlen(content));

  printf("%s", (char*) content);
  return 0;
}

It gives an output of random characters when used like this:

.\example key msg
prints <random chars>  

The problem is that the chars given are different each run (with the same IV). If I try to decrypt the returned value from above, it won't return the original value:

.\example key <random chars>  
prints more random chars

But if I use it like this:

#include <stdio.h>
#include <string.h>
#include "aes.h"

int main(int argc, char *argv[]) {

  if (argc < 3) return 1;

  uint8_t *key = argv[1];

  uint8_t *content = argv[2];

  uint8_t iv[16] = { 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f,0x0f,0x0f};

  struct AES_ctx ctx;

  AES_init_ctx_iv(&ctx, key, iv);
  AES_CTR_xcrypt_buffer(&ctx, content, strlen(content));

  printf("enc: %s\n", (char*) content);

  AES_init_ctx_iv(&ctx, key, iv);
  AES_CTR_xcrypt_buffer(&ctx, content, strlen(content));

  printf("dec: %s", (char*) content);
  return 0;
}

This encrypts and decrypts the value. It gives an output like this:

.\example key msg
enc: Vª≈  // encrypted (this changes every run)
dec: msg // decrypted

  1. Why does the encrypted value change each time for the same value, key and IV combination?
  2. Why does the decryption work in the second example, and not when encrypting and decrypting separately?

CodePudding user response:

You cannot use a password as a key this way. If you have a human-typable password (such as "key"), you need to convert that to a key using a PBKDF such as PBKDF2. See http://bxr.su/OpenBSD/lib/libutil/pkcs5_pbkdf2.c#77 for an example implementation in C and https://en.wikipedia.org/wiki/PBKDF2 for a description of the algorithm.

In your code, the key you're using is 0x6b 0x65 0x79 0x00 ("key\0") followed by some number of semi-random garbage bytes that happened to be after argv[1] in memory. That's why you get different results every time. (The number of garbage bytes depends on what key size you compiled into Tiny AES. The default key size is 128 bits, so it'll pick up 12 bytes of garbage data.)

Also, even with a proper key, the output content will be unprintable. It will be a series of bytes with values between 0 and 255. Many of those values cannot be printed on a terminal, and as you've written it, you'll keep printing until you find the first zero (which will be at a random location, possibly somewhere inside the ciphertext, possibly after it). In order to print cipher text, you need to encode it somehow, such as Base64 or Hex. Tiny AES has no features for any of this; that's part of why it's so tiny. It just does the most basic AES encryption and decryption. Everything else is up to you.
