AES Rijndael decryption C#

Question

I have to decrypt some data that are sent encrypted using AES256 Rijndael. I have the encryption/decryption mechanism used by my partner, developed in JAVA, that I'm not very familiar with, but can't transpose it in C#.

The secret key that has been given to me is 10 chars long.

I think that below code is ok, excepted the IV calculation. You'll find first the java code, and then the C# :

import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
public class UtilsCrypto {

    /* Rijndael/CFB8/NoPadding is default cipher */
    final static String CHIPHER = "Rijndael/CFB8/NoPadding";

    public static final String  MESSAGE_DIGEST_ALGORITHM    = "MD5";
    public static final String  AES                         = "AES";
    public static final String  AES_ECB_NO_PADDING          = "AES/ECB/NoPadding";

    private static byte[] md5(final String input) throws NoSuchAlgorithmException {
        final MessageDigest md = MessageDigest.getInstance(MESSAGE_DIGEST_ALGORITHM);
        return md.digest(input.getBytes());
    }

    private Cipher initCipher(final int mode, final String secretKey) throws Exception {
        final byte[] key = md5(secretKey);
        final byte[] iv = md5(secretKey);

        final SecretKeySpec skeySpec = new SecretKeySpec(key, AES);

        /* This valid with other ciphers than Rijndael/CFB8/NoPadding */
        // final IvParameterSpec initialVector = new IvParameterSpec(iv);

        /* Use this with Rijndael/CFB8/NoPadding */
        final IvParameterSpec initialVector = new IvParameterSpec(getIvBytes(iv));

        final Cipher cipher = Cipher.getInstance(CHIPHER);
        cipher.init(mode, skeySpec, initialVector);

        return cipher;
    }

    public String encrypt(final String dataToEncrypt, final String secretKey) {
        if (Utils.isEmpty(secretKey))
            return dataToEncrypt;

        String encryptedData = null;
        try {
            final Cipher cipher = initCipher(Cipher.ENCRYPT_MODE, secretKey);
            final byte[] encryptedByteArray = cipher.doFinal(dataToEncrypt.getBytes(Charset.forName("UTF8")));
            final BASE64Encoder enc = new BASE64Encoder();
            encryptedData = enc.encode(encryptedByteArray);
            encryptedData = encryptedData.replace("+", "-");
            encryptedData = encryptedData.replace("/", "_");
        } catch (Exception e) {
            System.err.println("Problem encrypting the data");
            e.printStackTrace();
        }

        return encryptedData;
    }

    public String decrypt(final String encryptedData, final String secretKey) {
        String decryptedData = null;
        String inData = encryptedData;
        try {
            final Cipher cipher = initCipher(Cipher.DECRYPT_MODE, secretKey);
            final BASE64Decoder dec = new BASE64Decoder();
            inData = inData.replace("-", "+");
            inData = inData.replace("_", "/");
            final byte[] encryptedByteArray = dec.decodeBuffer(inData); // ok
            final byte[] decryptedByteArray = cipher.doFinal(encryptedByteArray);
            decryptedData = new String(decryptedByteArray, "UTF8");
        } catch (Exception e) {
            System.err.println("Problem decrypting the data");
            e.printStackTrace();
        }
        return decryptedData;
    }

    /**
     * This method is only for Rijndael/CFB8/NoPadding
     * 
     * @param hashedKey
     *            md5
     * @return byte array
     * @throws Exception
     *             If any exceptions.
     */
     // on passe en arg le hash de la clé
    protected byte[] getIvBytes(byte[] hashedKey) throws Exception {
        byte[] inputBytes = new byte[16]; // init son tableau a 16 bytes
        final SecretKey key = new SecretKeySpec(hashedKey, AES); // secretKey
        final Cipher cipher = Cipher.getInstance(AES_ECB_NO_PADDING); 
        cipher.init(Cipher.ENCRYPT_MODE, key); // chiffre sa clé en AES avec un IV
        return cipher.doFinal(inputBytes);
    }
}

now this is what I tried so far :

using System;
using System.Collections.Generic;
using System.Globalization;
using System.IO;
using System.IO.Compression;
using System.Linq;
using System.Xml;
using System.Net;
using System.Web;
using System.Web.Services;
using Newtonsoft.Json;
using System.Security.Cryptography;
using System.Text;

namespace test
{
        public byte[] getIVBytes(byte[] hashedKey)
        {
            byte[] inputBytes = new byte[16];
            AesManaged tdes = new AesManaged();
            tdes.Key = hashedKey;
            tdes.Mode = CipherMode.ECB;
            tdes.BlockSize = 128;
            tdes.Padding = PaddingMode.None;
            ICryptoTransform crypt = tdes.CreateEncryptor();
            byte[] bla =  crypt.TransformFinalBlock(hashedKey, 0, inputBytes.Length);
            return bla;
        }

        [WebMethod]
        public string decrypt(String input, String key)
        {
            byte[] md5KeyHash;
            using (MD5 md5 = MD5.Create())
            {
                md5KeyHash = md5.ComputeHash(Encoding.UTF8.GetBytes(key));
            }
            input = input.Replace("-", "+");
            input = input.Replace("_", "/");
            input = input.Replace(" ", "");
            byte[] data = Convert.FromBase64String(input); // récupérer l'array de bytes du message chiffré encodé en b64
            String decrypted;
            using (RijndaelManaged rijAlg = new RijndaelManaged())
            {
                rijAlg.Mode = CipherMode.CFB;
                rijAlg.BlockSize = 128;
                rijAlg.Padding = PaddingMode.None;
                rijAlg.Key = md5KeyHash;
                rijAlg.IV = getIVBytes(md5KeyHash);

                ICryptoTransform decryptor = rijAlg.CreateDecryptor(rijAlg.Key, null);
                using (MemoryStream msDecrypt = new MemoryStream(data))
                {
                    using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
                    {
                        using (StreamReader srDecrypt = new StreamReader(csDecrypt))
                        {
                            decrypted = srDecrypt.ReadToEnd();
                        }
                    }
                }
            }
            return decrypted;
}

Code seems to be "correct" because no errors are thrown except this : XML Error analysis : An Invalid character was found in text content. At: http://localhost:55175/WebService1.asmx/decrypt line 2, col44 :�Me����>m�H�ZԤ�af2ɾ`A�ٖ�H$�&/

What am I missing ?

Answer 1

There are some bugs in the C#-code:

• In the getIVBytes-method, replace line

  byte[] bla = crypt.TransformFinalBlock(hashedKey, 0, inputBytes.Length);
  

  by

  byte[] bla = crypt.TransformFinalBlock(inputBytes, 0, inputBytes.Length); // encrypt inputBytes
  

• In the decrypt-method, add before the CreateDecryptor-call

  rijAlg.FeedbackSize = 8; // Use CFB8
  

  and replace line

  ICryptoTransform decryptor = rijAlg.CreateDecryptor(rijAlg.Key, null);
  

  by

  ICryptoTransform decryptor = rijAlg.CreateDecryptor(rijAlg.Key, rijAlg.IV); // Consider the IV
  

Then the posted ciphertext can be decrypted with the C#-code into the posted plaintext.