
AES encrypt/decrypt Key Parsing - MySQL


  1. #1

    AES encrypt/decrypt Key Parsing

    I am trying to understand how MySQL converts the "key_str" (AES
    password) argument in functions "AES_ENCRYPT(str,key_str)" or
    "AES_DECRYPT(crypt_str,key_str)" if the length of the "key_str"
    characters is > 16 characters. I am trying to write parallel Java AES
    functions that work exactly as the MySQL AES functions.
     
    to bytes and then uses those bytes for AES ciphering. If the size of
    the converted bytes is < 16 bytes (32 hex chars or 128 bits), the
    converted bytes value is padded with 0x00 (2 zeros in hex) until 128
    bits are reached. For example, if you supply value "password" to the
    AES functions, the text "password" is converted to bytes and padded
    until 128 bits (32 characters) are reached and is thus (in hexadecimal
    format): "70617373776f72640000000000000000". The hex value of
    "password" is "70617373776f7264" and the "0000000000000000" was added
    as padding to achieve a 128-bit value before the AES ciphering takes
    place.

    So, what does MySQL do with "key_str" values > 16 characters long?
    This is where I'm stumped. I'm very inexperienced with hex/binary
    data and Java functions, so any help is necessary. I'll attempt to
    read the MySQL source now, but I'm a beginner at C code (assumed) too.

    Anthum@gmail.com Guest

  2. #2

    Re: AES encrypt/decrypt Key Parsing

    com wrote:
     

    "use the source, Luke!"

    from $MYSQL_SOURCE/mysys/my_aes.c:

    static int my_aes_create_key(KEYINSTANCE *aes_key,
                                 enum encrypt_dir direction, const char *key,
                                 int key_length)
    {
      uint8 rkey[AES_KEY_LENGTH/8];           /* The real key to be used for encryption */
      uint8 *rkey_end=rkey+AES_KEY_LENGTH/8;  /* Real key boundary */
      uint8 *ptr;                             /* Start of the real key*/
      const char *sptr;                       /* Start of the working key */
      const char *key_end=key+key_length;     /* Working key boundary*/

      bzero((char*) rkey,AES_KEY_LENGTH/8);   /* Set initial key */

      for (ptr= rkey, sptr= key; sptr < key_end; ptr++, sptr++)
      {
        if (ptr == rkey_end)
          ptr= rkey;  /* Just loop over tmp_key until we used all key */
        *ptr^= (uint8) *sptr;
      }
      ....


    1. the AES key is initialized with all zeros

    2. the AES key is XORed with the given key; if there are more bytes in
    the key than in the AES key, it starts over at the beginning of the
    AES key until all key material is used


    XL
    --
    Axel Schwenke, Support Engineer, MySQL AB

    Online User Manual: http://dev.mysql.com/doc/refman/5.0/en/
    MySQL User Forums: http://forums.mysql.com/
    Axel Guest

  3. #3

    Re: AES encrypt/decrypt Key Parsing

    Axel:

    Thanks! I actually read the source last night and figured it out
    (after a long while because I don't know C). As you mentioned, the
    final key is looped over and the byte value is incremented with the ^=
    operator.

    Here's the final Java function I wrote, for obtaining an AES key as
    MySQL does:


    private byte[] getAESKey(String s)
    {
        char[] sourceKey = s.toCharArray();

        // The final, 128-bit key to be used for encryption; convert to bytes
        byte[] finalKey = new byte[128/8];

        // initialize values for final key (accommodates padding)
        for (int i=0;i<finalKey.length;i++)
        {
            finalKey[i] = 0x00;
        }

        // XOR each source character into the final key, wrapping around
        for (int k=0, r=0; k<sourceKey.length; k++, r++)
        {
            if (r == finalKey.length)
                r = 0; // reset location of final key to 0
            // the cast keeps only the low 8 bits of each char, so this matches
            // MySQL only when each key character is a single byte (e.g. ASCII)
            finalKey[r] ^= (byte)sourceKey[k];
        }
        return finalKey;
    }



    Thanks again for your help and quick reply.

    Zoned Guest
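
The key folding from posts #2 and #3 carried through to a full encrypt/decrypt round trip, as an added example that is not code from the thread or from MySQL. It assumes the default aes-128-ecb mode with PKCS#7 padding and a UTF-8 connection character set; the class name, helper names and sample strings are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class MySqlAesCompat {
    // Fold key_str into 16 bytes as my_aes_create_key() does: start from
    // zeros, XOR each key byte in, wrap around at the 16-byte boundary.
    static byte[] foldKey(String keyStr) {
        // Assumption: UTF-8 connection charset. MySQL folds bytes, not chars.
        byte[] src = keyStr.getBytes(StandardCharsets.UTF_8);
        byte[] key = new byte[16];
        for (int i = 0; i < src.length; i++) {
            key[i % key.length] ^= src[i];
        }
        return key;
    }

    // mode is Cipher.ENCRYPT_MODE or Cipher.DECRYPT_MODE.
    static byte[] crypt(int mode, byte[] data, String keyStr) throws Exception {
        // Assumption: aes-128-ecb. The JCE name "PKCS5Padding" applies
        // PKCS#7 padding for AES's 16-byte blocks.
        Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
        c.init(mode, new SecretKeySpec(foldKey(keyStr), "AES"));
        return c.doFinal(data);
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Reproduces the zero-padded key quoted in post #1.
        System.out.println(hex(foldKey("password")));

        // Constructed sample: a 32-character key whose two 16-byte halves are
        // identical XORs to all zeros, the same AES key as an empty key_str.
        String half = "correct-horse-16";
        String doubled = half + half;
        System.out.println(Arrays.equals(foldKey(doubled), foldKey("")));

        // Round trip with the folded key.
        byte[] plain = "secret row".getBytes(StandardCharsets.UTF_8);
        byte[] ct = crypt(Cipher.ENCRYPT_MODE, plain, doubled);
        byte[] pt = crypt(Cipher.DECRYPT_MODE, ct, doubled);
        System.out.println(hex(ct) + " -> " + new String(pt, StandardCharsets.UTF_8));
    }
}
```

The hex ciphertext can be compared against `SELECT HEX(AES_ENCRYPT('secret row', key_str))` on the server. Because the fold is a plain XOR and not a key-derivation function, key strings longer than 16 bytes add no key space and can cancel each other out; deriving a 16-byte key with a KDF before passing it as key_str avoids that.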
