AES encryption algorithm PureBasic LIB available !

newbie · Post by **newbie** » Sat Aug 14, 2004 3:25 pm

@blueb

Sec lib + source code example of how to use it with strings has been posted.
Now Max is trying with his Lib (different than Sec's Lib) to do file encryption, and as soon as the code will be working, we'll convert it to Sec's lib, so everyone could use the code whatever the Lib they are using

The Max lib link is just above.

@Max

I tried with C:\Windows\system32\alg.exe, :
http://perso.wanadoo.fr/jugesoftware/purebasic/alg.zip

the executable is 40Kb.

Max.Â² · Post by **Max.Â²** » Sat Aug 14, 2004 3:47 pm

newbie wrote:I tried with C:\Windows\system32\alg.exe, :
http://perso.wanadoo.fr/jugesoftware/purebasic/alg.zip

the executable is 40Kb.

Works here without any problem. It isn't padded at all, as it is a multiple of 16 and MD5FileFingerprint says that original and decrypted are identical.

newbie · Post by **newbie** » Sat Aug 14, 2004 4:19 pm

does not work for me, the debug MD5 thing said error and the file is smaller

how is it possible ?

EDIT :

Max.Â² · Post by **Max.Â²** » Sat Aug 14, 2004 4:40 pm

You are using

- the latest code (updated in the posting; I am wondering because there should be more debug messages)
- alg.exe is not write protected

?

What are the file sizes for

1. the original
2. the encrypted
3. the decrypted

?

BTW, I just tried 2500 files, from 1 byte to several GB, ascii & binary, without any problem.

newbie · Post by **newbie** » Sat Aug 14, 2004 4:49 pm

Ok it works

Last time you said to use your updated code, I done it, but you have updated it once again later (your post has been edited twice) :-/

Let me trying to convert it to Sec's Lib, and I'll post both on my homepage, good work !

EDIT : unless you can do it :roll:

newbie · Post by **newbie** » Sat Aug 14, 2004 5:27 pm

your code converted to use Sec's Lib :

Code: Select all

;http://www.host4scripts.de/pub/AESLIB.zip ; use just _1_ of the libs
;to make life easier, FileReadBufferSize needs to be a multiplier of 16
;Key is meant hexademical. A common way to generate a 16 byte key out of a password is to use MD5Fingerprint

Procedure AES_Crypt_File(Mode,InFilename.s,OutFileName.s,key.s,FileReadBufferSize)
    
    ;Mode 0 = Encrypt
    ;Mode 1 = Decrypt
    
    If FileReadBufferSize % 16 = 0
        #OutFile  = 0
        #InFile   = 1
        
        FileIn=OpenFile(#InFile,InFilename.s)
        If FileIn<>0
            AES256Init(@key)
            
            *InputBuffer = AllocateMemory(FileReadBufferSize)
            *OutputBuffer = AllocateMemory(FileReadBufferSize)
            *PlainBlock = AllocateMemory(16)
            *EncryptionBlock = AllocateMemory(16)
            
            FileLength = FileSize(InFilename)
            BlocksToRead = Int(FileLength/FileReadBufferSize)
            
            Result=CreateFile(#OutFile,OutFileName)
            If Result
                For Offset = 0 To BlocksToRead
                    If Offset<BlocksToRead
                        BlockSize = FileReadBufferSize
                    Else
                        BlockSize = FileLength-Offset*FileReadBufferSize
                    EndIf         
                    ; get data from input file
                    UseFile(1)
                    FileSeek(Offset*FileReadBufferSize)
                    Result=ReadData(*InputBuffer,BlockSize)
                    
                    ;Pad (make multiple of 16bytes) if needed
                    If BlockSize<>FileReadBufferSize And Mode = 0         
                        Debug "Pad!"
                        PadBytes = (FileReadBufferSize - BlockSize) % 16
                        Debug "Need to pad with "+Str(PadBytes)+" bytes"
                        For i=0 To PadBytes-1
                            ;Using pad method RFC2630
                            PokeB(*InputBuffer+BlockSize+i,PadBytes)
                        Next i
                        BlockSize = BlockSize + PadBytes
                    EndIf
                    
                    ; write data to outputfile
                    UseFile(0)
                    For  EncryptionBlockOffset = 0 To FileReadBufferSize / 16
                        CopyMemory(*InputBuffer+EncryptionBlockOffset*16, *PlainBlock , 16)
                        If Mode = 0         
                            *EncryptionBlock = AES256Encrypt(*PlainBlock)
                        ElseIf Mode = 1
                            *EncryptionBlock = AES256Decrypt(*PlainBlock)
                        EndIf
                        CopyMemory(*EncryptionBlock,*OutputBuffer+EncryptionBlockOffset*16,16)
                    Next EncryptionBlockOffset
                    FileSeek(Offset*FileReadBufferSize)
                    ;Strip padded bytes
                    If Mode=1 And ((Offset = BlocksToRead) Or (FileLength % FileReadBufferSize = 0))
                        
                        
                        Debug "Unpad!"
                        PaddedBytes=PeekB(*OutputBuffer+BlockSize-1)  & $FF
                        Debug "Supposed # of padded bytes: "+Str(PaddedBytes)
                        For i=1 To PaddedBytes
                            If PeekB(*OutputBuffer+BlockSize-i)<>PaddedBytes
                                Debug "False alarm. No unpadding needed."
                                Break               
                            EndIf
                        Next i
                        If i>PaddedBytes And PaddedBytes<16
                            BlockSize=BlockSize-PaddedBytes
                            Debug "Decreasing Block by "+Str(PaddedBytes)+" to get rid of padded bytes"
                        EndIf
                    EndIf
                    WriteData(*OutputBuffer,BlockSize)
                Next Offset
                CloseFile(#InFile)
                CloseFile(#OutFile)
            EndIf
            FreeMemory(-1)
        EndIf
    Else
        Error = 1
    EndIf
    
EndProcedure

start = GetTickCount_()

key.s = "00010203050607080A0B0C0D0F101112"
InFile.s = "c:\alg.exe"
EncryptFile.s = "c:\alg.enc"
DecryptFile.s = "c:\alg_dec.exe"

AES_Crypt_File(0,InFile.s,EncryptFile.s,key.s,8192*2)
AES_Crypt_File(1,EncryptFile.s,DecryptFile.s,key.s,8192*2)
Debug "Milliseconds: "+Str(GetTickCount_()-start)
If MD5FileFingerprint(InFile) = MD5FileFingerprint(DecryptFile)
    Debug "ok"
Else
    Debug "error"
EndIf

works for me, is it ok with you ?

As soon as it's ok, I'll post both, by saying of course that it's your work, obviously

newbie · Post by **newbie** » Sat Aug 14, 2004 5:50 pm

What about this ?
I added compression.

So the file to encrypt is first packed, then encrypted, then decrypted, then unpacked :

Code: Select all

;http://www.host4scripts.de/pub/AESLIB.zip ; use just _1_ of the libs
;to make life easier, FileReadBufferSize needs to be a multiplier of 16
;Key is meant hexademical. A common way to generate a 16 byte key out of a password is to use MD5Fingerprint

Procedure AES_Crypt_File(Mode,InFilename.s,OutFileName.s,key.s,FileReadBufferSize)
    
    ;Mode 0 = Encrypt
    ;Mode 1 = Decrypt
    
    If FileReadBufferSize % 16 = 0
        #OutFile  = 0
        #InFile   = 1
        
        If Mode = 0
            packed_filename.s = InFilename + ".pack"
            res = CreatePack(packed_filename)
            If res <> 0
                ; 9 = MAX compression
                res = AddPackFile(InFilename , 9) 
                ClosePack() 
            Else
                Debug "error while packing"
                ProcedureReturn
            EndIf
        EndIf
        InFilename = packed_filename
        
        FileIn=OpenFile(#InFile,InFilename.s)
        If FileIn<>0
            AES256Init(@key)
            
            *InputBuffer = AllocateMemory(FileReadBufferSize)
            *OutputBuffer = AllocateMemory(FileReadBufferSize)
            *PlainBlock = AllocateMemory(16)
            *EncryptionBlock = AllocateMemory(16)
            
            FileLength = FileSize(InFilename)
            BlocksToRead = Int(FileLength/FileReadBufferSize)
            
            Result=CreateFile(#OutFile,OutFileName)
            If Result
                For Offset = 0 To BlocksToRead
                    If Offset<BlocksToRead
                        BlockSize = FileReadBufferSize
                    Else
                        BlockSize = FileLength-Offset*FileReadBufferSize
                    EndIf         
                    ; get data from input file
                    UseFile(1)
                    FileSeek(Offset*FileReadBufferSize)
                    Result=ReadData(*InputBuffer,BlockSize)
                    
                    ;Pad (make multiple of 16bytes) if needed
                    If BlockSize<>FileReadBufferSize And Mode = 0         
                        Debug "Pad!"
                        PadBytes = (FileReadBufferSize - BlockSize) % 16
                        Debug "Need to pad with "+Str(PadBytes)+" bytes"
                        For i=0 To PadBytes-1
                            ;Using pad method RFC2630
                            PokeB(*InputBuffer+BlockSize+i,PadBytes)
                        Next i
                        BlockSize = BlockSize + PadBytes
                    EndIf
                    
                    ; write data to outputfile
                    UseFile(0)
                    For  EncryptionBlockOffset = 0 To FileReadBufferSize / 16
                        CopyMemory(*InputBuffer+EncryptionBlockOffset*16, *PlainBlock , 16)
                        If Mode = 0         
                            *EncryptionBlock = AES256Encrypt(*PlainBlock)
                        ElseIf Mode = 1
                            *EncryptionBlock = AES256Decrypt(*PlainBlock)
                        EndIf
                        CopyMemory(*EncryptionBlock,*OutputBuffer+EncryptionBlockOffset*16,16)
                    Next EncryptionBlockOffset
                    FileSeek(Offset*FileReadBufferSize)
                    ;Strip padded bytes
                    If Mode=1 And ((Offset = BlocksToRead) Or (FileLength % FileReadBufferSize = 0))
                        
                        
                        Debug "Unpad!"
                        PaddedBytes=PeekB(*OutputBuffer+BlockSize-1)  & $FF
                        Debug "Supposed # of padded bytes: "+Str(PaddedBytes)
                        For i=1 To PaddedBytes
                            If PeekB(*OutputBuffer+BlockSize-i)<>PaddedBytes
                                Debug "False alarm. No unpadding needed."
                                Break               
                            EndIf
                        Next i
                        If i>PaddedBytes And PaddedBytes<16
                            BlockSize=BlockSize-PaddedBytes
                            Debug "Decreasing Block by "+Str(PaddedBytes)+" to get rid of padded bytes"
                        EndIf
                    EndIf
                    WriteData(*OutputBuffer,BlockSize)
                Next Offset
                CloseFile(#InFile)
                CloseFile(#OutFile)
                If Mode = 1
                    packed_filename.s = OutFileName
                    res = OpenPack(packed_filename)
                    If res <> 0
                        *addr = NextPackFile() 
                        size = PackFileSize() 
                        File = OpenFile(#InFile, packed_filename)
                        WriteData(*addr, size)
                        CloseFile(#InFile)
                        ClosePack() 
                    Else
                        Debug "error while unpacking"
                        ProcedureReturn
                    EndIf
                EndIf
                
            EndIf
            FreeMemory(-1)
        EndIf
    Else
        Error = 1
    EndIf
    
EndProcedure

start = GetTickCount_()

key.s = "00010203050607080A0B0C0D0F101112"
InFile.s = "c:\alg.exe"
EncryptFile.s = "c:\alg.enc"
DecryptFile.s = "c:\alg_dec.exe"

AES_Crypt_File(0,InFile.s,EncryptFile.s,key.s,8192*2)
AES_Crypt_File(1,EncryptFile.s,DecryptFile.s,key.s,8192*2)
Debug "Milliseconds: "+Str(GetTickCount_()-start)
If MD5FileFingerprint(InFile) = MD5FileFingerprint(DecryptFile)
    Debug "ok"
Else
    Debug "error"
EndIf

I like it

Max.Â² · Post by **Max.Â²** » Sat Aug 14, 2004 6:37 pm

newbie wrote:your code converted to use Sec's Lib :
Code: Select all
           AES256Init(@key)
 
works for me, is it ok with you ?

As soon as it's ok, I'll post both, by saying of course that it's your work, obviously

It works, but not as supposed.

2 problems, both key related.

1. a key like "00010203050607080A0B0C0D0F101112" is meant to be the hexadecimal representation of the key. In this case

00
01
02
03
...
11
12 (= decimal 18 )

So you need to poke the decimal value in each byte:

This is why I used this bit of code:

Code: Select all

;Key transformation
      *KeyBuffer = AllocateMemory(16)
      j=-1
      For i=1 To Len(Key.s) Step 2
        j=j+1
        ;Poking Hex key into buffer
        PokeB(*KeyBuffer+j,Hex2Dec(Mid(Key,i,2)))     
      Next i

2. The keylength is according to the encryption strength. I am using variable keys in my sample, with the key string of 32 characters using 128bit encryption. You need to use a 64bit long key, else the results can differ.

(I just saw that I falsely limited the keybuffer to 128bit; that is wrong, too)

Compression I like in conjunction with encryption especially. Bad thing is that it often breaks compatibility (which isn't really given in AES anyway, so no biggy).

newbie · Post by **newbie** » Sat Aug 14, 2004 8:59 pm

Thanks MAx for the Tip, I just found that in fact I have the same problem anywhere in my program.
So I should do the same for Blowfish using Sec's lib ?

Code: Select all

temp = MD5...
temp = left(temp, 10)
*KeyBuffer = AllocateMemory(5) ; 40 bits key
 j=-1
For i=1 To Len(temp) Step 2
   j=j+1
   PokeB(*KeyBuffer+j,hex2dec(Mid(temp,i,2)))     
Next i 
bfinit(*KeyBuffer, 5)

What is the difference in terms of security between giving the string against giving the hex ?

CherokeeStalker · Post by **CherokeeStalker** » Sat Aug 14, 2004 9:08 pm

thefool wrote:Hi

I was just wandering around the forum and i found this post, and i just wanted to ask:

Whats the best encryption? Aes or RC4?

AES aka Rijndael is the latest standard !

Max.Â² · Post by **Max.Â²** » Sat Aug 14, 2004 9:35 pm

newbie wrote:Thanks MAx for the Tip, I just found that in fact I have the same problem anywhere in my program.
So I should do the same for Blowfish using Sec's lib ?
Code: Select all
temp = MD5...
temp = left(temp, 10)
*KeyBuffer = AllocateMemory(5) ; 40 bits key
 j=-1
For i=1 To Len(temp) Step 2
   j=j+1
   PokeB(*KeyBuffer+j,hex2dec(Mid(temp,i,2)))     
Next i 
bfinit(*KeyBuffer, 5)
What is the difference in terms of security between giving the string against giving the hex ?

It depends on the lib; a lib could implement another way to pass a key; but likely for the Blowfish lib it is the same.

For security, I don't see any problem*, but for the interoperability. There are several test vectors available for the different encryptions and they should of course lead to the same result.

I think, best is to use the "right" approach, even if it looks awkward. And to use test vectors to confirm.

*problem is if you just pass values out of the hex number range ( "0123456789ABCDEF"). That limits the encryption. If you pass it directly, but use a key string like "TheQuickBrownFox", then it should be safe. But not interoperable.

sec · Post by **sec** » Sun Aug 15, 2004 5:07 am

I have update get at http://metawire.org/~sec/aesv3.zip (it is going down i will upload as soon as possible expect somebody can give me some host space

) sha1 hash has done some mins ago

PS: newbie, compress data before encryption is good idea

Key in format (hex, base64, or blah) is not important, 'what' i&you would know "bits range of key that algorithm support".
Even, i saw a one-pad algo that key generate from audio interface

newbie · Post by **newbie** » Sun Aug 15, 2004 11:30 am

Sec :

About the compresssion, since my prog sends files via the network, it is very usefull, nice to see a built-in packer in PB.

About your AESV3, I have some web space, send me the file !

Again, what are the modifications ?

And about SHA... can't wait for it !

EDIT : the AES ecnryption file updated :

Code: Select all

;http://www.host4scripts.de/pub/AESLIB.zip ; use just _1_ of the libs
;to make life easier, FileReadBufferSize needs to be a multiplier of 16
;Key is meant hexademical. A common way to generate a 16 byte key out of a password is to use MD5Fingerprint

;Procedure by PB / english forum
Procedure.l hex2dec(h$)
    h$=UCase(h$)
    For r=1 To Len(h$)
        d<<4 : a$=Mid(h$,r,1)
        If Asc(a$)>60
            d+Asc(a$)-55
        Else
            d+Asc(a$)-48
        EndIf
    Next
    ProcedureReturn d
    
EndProcedure 

Procedure AES_Crypt_File(Mode, InFilename.s, OutFileName.s, key.s, FileReadBufferSize)
    
    ;Mode 0 = Encrypt
    ;Mode 1 = Decrypt
    
    If FileReadBufferSize % 16 = 0
        #OutFile  = 0
        #InFile   = 1
        
        If Mode = 0
            packed_filename.s = InFilename + ".pack"
            res = CreatePack(packed_filename)
            If res <> 0
                ; 9 = MAX compression
                res = AddPackFile(InFilename , 9) 
                ClosePack() 
            Else
                Debug "error while packing"
                ProcedureReturn
            EndIf
            InFilename = packed_filename
        EndIf
        
        
        FileIn=OpenFile(#InFile,InFilename.s)
        If FileIn<>0
            ;Key transformation
            *KeyBuffer = AllocateMemory(32)
            key = key + key ; key is a MD5 128 bits key, we need 256 bits for AES 256, it's a workaround until we have SHA-256
            Debug "key = " + key
            j=-1
            For i=1 To Len(key) Step 2
                j=j+1
                PokeB(*KeyBuffer+j,hex2dec(Mid(key,i,2)))     
            Next i 
        
            AES256Init(*KeyBuffer)
            
            *InputBuffer = AllocateMemory(FileReadBufferSize)
            *OutputBuffer = AllocateMemory(FileReadBufferSize)
            *PlainBlock = AllocateMemory(16)
            *EncryptionBlock = AllocateMemory(16)
            
            FileLength = FileSize(InFilename)
            BlocksToRead = Int(FileLength/FileReadBufferSize)
            
            Result=CreateFile(#OutFile,OutFileName)
            If Result
                For Offset = 0 To BlocksToRead
                    If Offset<BlocksToRead
                        BlockSize = FileReadBufferSize
                    Else
                        BlockSize = FileLength-Offset*FileReadBufferSize
                    EndIf         
                    ; get data from input file
                    UseFile(1)
                    FileSeek(Offset*FileReadBufferSize)
                    Result=ReadData(*InputBuffer,BlockSize)
                    
                    ;Pad (make multiple of 16bytes) if needed
                    If BlockSize<>FileReadBufferSize And Mode = 0         
                        Debug "Pad!"
                        PadBytes = (FileReadBufferSize - BlockSize) % 16
                        Debug "Need to pad with "+Str(PadBytes)+" bytes"
                        For i=0 To PadBytes-1
                            ;Using pad method RFC2630
                            PokeB(*InputBuffer+BlockSize+i,PadBytes)
                        Next i
                        BlockSize = BlockSize + PadBytes
                    EndIf
                    
                    ; write data to outputfile
                    UseFile(0)
                    For  EncryptionBlockOffset = 0 To FileReadBufferSize / 16
                        CopyMemory(*InputBuffer+EncryptionBlockOffset*16, *PlainBlock , 16)
                        If Mode = 0         
                            *EncryptionBlock = AES256Encrypt(*PlainBlock)
                        ElseIf Mode = 1
                            *EncryptionBlock = AES256Decrypt(*PlainBlock)
                        EndIf
                        CopyMemory(*EncryptionBlock,*OutputBuffer+EncryptionBlockOffset*16,16)
                    Next EncryptionBlockOffset
                    FileSeek(Offset*FileReadBufferSize)
                    ;Strip padded bytes
                    If Mode=1 And ((Offset = BlocksToRead) Or (FileLength % FileReadBufferSize = 0))
                        
                        
                        Debug "Unpad!"
                        PaddedBytes=PeekB(*OutputBuffer+BlockSize-1)  & $FF
                        Debug "Supposed # of padded bytes: "+Str(PaddedBytes)
                        For i=1 To PaddedBytes
                            If PeekB(*OutputBuffer+BlockSize-i)<>PaddedBytes
                                Debug "False alarm. No unpadding needed."
                                Break               
                            EndIf
                        Next i
                        If i>PaddedBytes And PaddedBytes<16
                            BlockSize=BlockSize-PaddedBytes
                            Debug "Decreasing Block by "+Str(PaddedBytes)+" to get rid of padded bytes"
                        EndIf
                    EndIf
                    WriteData(*OutputBuffer,BlockSize)
                Next Offset
                CloseFile(#InFile)
                CloseFile(#OutFile)
                If Mode = 1
                    packed_filename.s = OutFileName
                    res = OpenPack(packed_filename)
                    If res <> 0
                        *addr = NextPackFile() 
                        size = PackFileSize() 
                        File = OpenFile(#InFile, packed_filename + ".dec")
                        WriteData(*addr, size)
                        CloseFile(#InFile)
                        ClosePack() 
                    Else
                        Debug "error while unpacking"
                        ProcedureReturn
                    EndIf
                EndIf
                
            EndIf
            FreeMemory(-1)
        EndIf
    Else
        Error = 1
    EndIf
    
EndProcedure

start = GetTickCount_()

key.s = MD5Fingerprint("toto", 4)
InFile.s = "c:\alg.exe"
EncryptFile.s = "c:\alg.enc"
DecryptFile.s = "c:\alg.dec.exe"

AES_Crypt_File(0, InFile, EncryptFile, key, 8192*2)
AES_Crypt_File(1, EncryptFile, DecryptFile, key, 8192*2)
DeleteFile(DecryptFile)
RenameFile(DecryptFile + ".dec", DecryptFile)
Debug "Milliseconds: "+Str(GetTickCount_()-start)
If MD5FileFingerprint(InFile) = MD5FileFingerprint(DecryptFile)
    Debug "ok"
Else
    Debug "error"
EndIf

I fill the key in the good way know, and packing+encryption/decryption+unpacking is working fine

Max.Â² · Post by **Max.Â²** » Sun Aug 15, 2004 7:24 pm

And about SHA... can't wait for it !

If you can't wait, you might want to try out this:

http://www.host4scripts.de/pub/SHA

Example:

Code: Select all

;expected a9993e364706816aba3e25717850c26c9cd0d89d

;generic
Hash.s=Space(255)
Input.s = "abc"
SHA1(@Hash,@Input,Len(Input))
For i=1 To 20
  Debug Hex(PeekB(@Hash+i-1)& $ff)
Next i

;easy mode
Result.s = SHA1Fingerprint("abc")
Debug Result

There are more functions, but it's time for dinner. Hope it works for you!

newbie · Post by **newbie** » Sun Aug 15, 2004 7:37 pm

Thanks Max I will try it, but I thought that Sec was working on this one, we will have two same Libs again :-/
You should PM you and agree about who does what

such as , Max :
SHA-1 / SHA-256

Sec :
SHA-384 (is it the good one ?)
SHA-512

I have always liked multitasking ^^

Anyway, downloading your Lib right now

EDIT : why the SHA library is so huge (20.3Ko) against only 9Ko for AES ? I would have thought that AES would have been far bigger than a hash algorithm.

Then the function SHA1Fingerprint is buggy, see the screenshot :

The final '9D' is moved first :-/