Comments (2)
MHumm
commented on August 15, 2024
I tried to reproduce this bug but failed to do so.
Here's the test application I used. Can you share some code you used while you got this exception?
program Cipher_Console;
{$APPTYPE CONSOLE}
{$R *.res}
uses
System.SysUtils,
DECCipherBase,
DECCipherModes,
DECCipherFormats,
DECCiphers;
var
Cipher : TCipher_AES;
// We use raw byte string here since Unicode handling of Windows console
// is not given
SourceText : RawByteString;
// Key for the initialization of our encryption run
CipherKey : RawByteString;
IV : RawByteString;
Input,
Output : TBytes;
i : Integer;
begin
Cipher := TCipher_AES.Create;
try
try
// Init our encryption
CipherKey := 'Passwort1234567890';
IV := #0#0#0#0#0#0#0#0;
Cipher.Init(CipherKey, IV, 0);
Cipher.Mode := cmCBCx;
SourceText := 'Beispielklartext';
WriteLn('Source text: ' + SourceText);
Input := System.SysUtils.BytesOf(SourceText);
// Encrypt
Output := Cipher.EncodeBytes(Input);
Write('Encrypted data in hex: ');
for i := 0 to high(Output) do
Write(IntToHex(Output[i], 2), ' ');
WriteLn;
// Decrypt
Cipher.Init(CipherKey, IV, 0);
Output := Cipher.DecodeBytes(Output);
SourceText := RawByteString(System.SysUtils.StringOf(Output));
WriteLn('Decrypted data: ' + SourceText);
// Show that using a different key results in a different output
WriteLn;
CipherKey := 'Password';
Cipher.Init(CipherKey, IV, 0);
Output := Cipher.DecodeBytes(Output);
SourceText := RawByteString(System.SysUtils.StringOf(Output));
WriteLn('Decrypted with different key: ' + SourceText);
ReadLn;
except
on E: Exception do
Writeln(E.ClassName, ': ', E.Message);
end;
finally
Cipher.Free;
end;
end.
Even when changing mode from CBCx to EBCx I didn't get any exception.
Debugging reveals, that there is a check against Context.KeySize, which is 32 for this AES
implementation and thus higher than your 18 byte key. Or is your key a regular Unicode string?
Then key length would be double on Win32 as Unicode string is UTF16.
from delphiencryptioncompendium.
MHumm
commented on August 15, 2024
Ok, the poster of this bugreport informed me, that he produced the exception by testing ProgressDemoVCL and that he added 1234567890 to the password.
I can reproduce it with that information and I'll modify the demo application. The issue arises because when calling like this Delphi calls the WideString based variant of the init method and this uses 2 byte per character, so with his longer key he produces a key longer than the maximum allowed key length of 32 byte.
from delphiencryptioncompendium.
Related Issues (20)
- Urgent: Migration from DEC 5.2 library (Part2 - decrypt).
- Are there plans to support bcrypt ? HOT 2
- DECCipherInterface error HOT 12
- THash_SHA1.PBKDF2 create wrong Results HOT 13
- Range Check Error in TDECCipherModes.EncodeCBCx() HOT 5
- no compile on Linux HOT 18
- Incorrect auth tag generated for GCM mode when feeding data using small chunks HOT 8
- Missing padding for ECB mode HOT 12
- 3DES DoEncode()/DoDecode() Source overwriting Dest problem HOT 10
- Integer Overflow when hashing a large TFilestream HOT 5
- Installing in Delphi 2010 HOT 1
- Implement HMACStream and HMACFile HOT 7
- Question about processing of last block of data using Done HOT 17
- Testcases failure HOT 9
- "VCL" vs "VLC" typo in samples HOT 1
- Random padding / Confusion about "IV" padding vs "Last block" padding? HOT 4
- Access violation if GCM mode is set after cipher is initialized
- Change IV HOT 2
- Range Check Exception when using KDF with empty password HOT 2
- Support for AEGIS 256 HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from delphiencryptioncompendium.