SoftwareVerde/java-dukpt

I need to know how to decrypt AES/256/CBC.

Closed this issue · 2 comments

masaya-kato63 commented

The length of the AES Dukpt decryption is not adequate to perform the decryption.

  private static BitSet _nonReversibleKeyGenerationProcess(BitSet p_key, String ivString, BitSet data, BitSet keyRegisterBitmask) throws Exception {
    BitSet keyreg = p_key.get(0, p_key.bitSize()); // 256 bytes
    BitSet reg1 = data.get(0, data.bitSize()); // 64 bytes
    // step 1: Crypto Register-1 XORed with the right half of the Key Register goes to Crypto Register-2.
    BitSet reg2 = reg1.get(0, 64); // reg2 is being used like a temp here
    reg2.xor(keyreg.get(64, 128)); // and here, too, kind of
    // step 2: Crypto Register-2 DEA-encrypted using, as the key, the left half of the Key Register goes to Crypto Register-2
    reg2 = toBitSet(encryptAes(toByteArray(keyreg.get(0, 128)), ivString, toByteArray(reg2)));
    // step 3: Crypto Register-2 XORed with the right half of the Key Register goes to Crypto Register-2
    reg2.xor(keyreg.get(64, 128));
    // done messing with reg2

    // step 4: XOR the Key Register with hexadecimal C0C0 C0C0 0000 0000 C0C0 C0C0 0000 0000
    keyreg.xor(keyRegisterBitmask);
    // step 5: Crypto Register-1 XORed with the right half of the Key Register goes to Crypto Register-1
    reg1.xor(keyreg.get(64, 128));
    // step 6: Crypto Register-1 DEA-encrypted using, as the key, the left half of the Key Register goes to Crypto Register-1
    reg1 = toBitSet(encryptAes(toByteArray(keyreg.get(0, 128)), ivString, toByteArray(reg1)));
    // step 7: Crypto Register-1 XORed with the right half of the Key Register goes to Crypto Register-1
    reg1.xor(keyreg.get(64, 128));
    // done

    byte[] reg1b = toByteArray(reg1), reg2b = toByteArray(reg2);
    byte[] key = concat(reg1b, reg2b);
    BitSet rkey = toBitSet(key);

    // secure memory
    obliviate(reg1);
    obliviate(reg2);
    obliviate(reg1b);
    obliviate(reg2b);
    obliviate(key);
    obliviate(keyreg);

    return rkey;
  }
"Invalid AES key length: 8 bytes"
thesquaregroot commented

This library only supports 3DES DUKPT at this point. Are you trying to re-work it to support AES DUKPT?

I'm not particularly familiar with the differences between the algorithms, but it can't be as simple as using AES where DES was used. The error your'e seeing highlights why: DES uses 64-bit keys while AES is only defined for 128, 192, or 256 bits.

masaya-kato63 commented

I see (:-\