1

Hello there so I am having a very weird issue while trying to decrypt AES text that has been encrypted with AES using phpseclib.

I RSA encrypt an AES key that I use to encrypt a message to the server. the server decrypt's the RSA encrypted AES key and uses it to decrypt the incoming message.

also to encrypt the reply.

I verify that the key is the same by exporting the AES key as a PLAINTEXTKEYBLOB.

The problem comes when I go to decrypt the AES encrypted text from the server with WCAPI using the hKey HANDLE that was generated to encrypt the original message.

CryptDecrypt() only leaves me with junk. the Decryption does not produce the original message.

I've also verified that I am in fact decrypting the encrypted message, and not some random buffer.

Also before I attempt to decrypt this message, I send an encrypted message that contains my public key, so that the server can encrypt the next AES key. This is successful.

I am able to encrypt/decrypt from C++ to PHP, but not vice versa.

Here is the PHP.

$aes_ = new Crypt_AES(); //CRYPT_AES_MODE_CBC is default

$aes_->setPassword($aes_key);


$aes_->setIV("1234567890123456");

// Encrypt MSG with AES key
$encrypted_msg = $aes_->encrypt($data);

$encrypted_msg;

return base64_encode($encrypted_msg);

Here is the C++

LPBYTE enc_bytes = (LPBYTE)context->in_buff;
DWORD pl_s = context->in_size;

LPVOID tmp_blk_buff = NULL;
LPVOID plain_text = NULL;
LPBYTE new_bytes = NULL;
DWORD p_block_size = NULL;
BOOL eof = FALSE;
DWORD tbbs = TMP_BLOCK_BUFFER_SIZE(context->in_size);

DWORD dwMode = CRYPT_MODE_CBC;
CryptSetKeyParam(context->aes_hKey, KP_MODE, (BYTE*)&dwMode, 0);


tmp_blk_buff = VirtualAlloc(0, tbbs, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
plain_text = VirtualAlloc(0, context->in_size * 2, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);

RtlSecureZeroMemory(tmp_blk_buff, tbbs);
RtlSecureZeroMemory(plain_text, context->in_size * 2);

new_bytes = (LPBYTE)plain_text;

// Decrypt data
do{
    RtlSecureZeroMemory(tmp_blk_buff, tbbs);

    if (pl_s <= AES_BLOCK_SIZE_){
        p_block_size = pl_s;
        eof = TRUE;
    }
    else{
        p_block_size = AES_BLOCK_SIZE_;
        pl_s -= AES_BLOCK_SIZE_;
    }

    CopyMemory(tmp_blk_buff, enc_bytes, p_block_size);

    DWORD error = 0;
    if (error = !CryptDecrypt(context->aes_hKey, NULL, eof, 0, (LPBYTE)tmp_blk_buff, &p_block_size))
    {
        error = GetLastError();
    }

    CopyMemory(new_bytes, tmp_blk_buff, p_block_size);

    enc_bytes += AES_BLOCK_SIZE_;
    new_bytes += p_block_size;

    context->out_size += p_block_size;

} while (!eof);

context->out_buff = plain_text;

RtlSecureZeroMemory(tmp_blk_buff, tbbs);
VirtualFree(tmp_blk_buff, tbbs, MEM_RELEASE);

CryptReleaseContext(context->context, 0);
CryptDestroyKey(context->aes_hKey);
swayz
  • 65
  • 7
  • Ive tried using the AES hKey as a session key, where by i encrypt the message with the same key used to decrypt the message.(server side). Ive verified the keys match(both sever/client side) but still no success. I just get garbage.... – swayz Aug 14 '15 at 15:12
  • Update: Ive verified the keys and the message. so it leads me to believe, im missing some sort of flags in WCAPI, or some flags in phpseclib, but have yet to figure out which ones... any suggestions are appreciated – swayz Aug 15 '15 at 14:15

0 Answers0