Home/ Questions/Q 6165101
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T22:06:29+00:00

I have a file encrypted using the following code in c: unsigned char ckey[]

  • 0

I have a file encrypted using the following code in c:

unsigned char ckey[] =  "0123456789ABCDEF"; 
unsigned char iv[8] = {0};
AES_set_encrypt_key(ckey, 128, &key);
AES_ctr128_encrypt(indata, outdata, 16, &key, aesstate.ivec, aesstate.ecount, &aesstate.num);

I have to decrypt this file using java so I was using the code below to do it:

private static final byte[] encryptionKey = new byte[]{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F };

byte[] iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };

IvParameterSpec ips = new IvParameterSpec(iv);
Cipher aesCipher = Cipher.getInstance("AES/CTR/NoPadding");
SecretKeySpec aeskeySpec = new SecretKeySpec(encryptionKey, "AES");
aesCipher.init(Cipher.DECRYPT_MODE, aeskeySpec, ips);
FileInputStream is = new FileInputStream(in);
CipherOutputStream os = new CipherOutputStream(new FileOutputStream(out), aesCipher);       
copy(is, os);       
os.close();

The JAVA code doesn’t give me any error but the output is not correct.

What am I doing wrong?

My main doubts are if i’m using the correct padding (also tried PKCS5Padding without success) and if the key and iv are correct (don’t know what the function AES_set_encrypt_key really does…).

** EDIT **

I think I have an answer to my own question, but I still have some doubts.

CTR means counter mode. The function AES_ctr128_encrypt receives as parameters the actual counter (ecount) and the number of blocks used (num).

The file is being encrypted in blocks of 16 bytes, like this:

for(int i = 0; i < length; i+=16)
{
   // .. buffer processing here
   init_ctr(&aesstate, iv); //Counter call
   AES_ctr128_encrypt(indata, outdata, 16, &key, aesstate.ivec, aesstate.ecount, &aesstate.num);
}

the function init_ctr does this:

int init_ctr(struct ctr_state *state, const unsigned char iv[8])
{
    state->num = 0;
    memset(state->ecount, 0, 16);
    memset(state->ivec + 8, 0, 8);
    memcpy(state->ivec, iv, 8);
    return 0;
}

This means that before every encryption/decryption the C code is resetting the counter and the ivec.

I am trying to decrypt the file as a whole in java. This probably means Java is using the counter correctly but the C code is not as it is resetting the counter at each block.

Is my investigation correct?

I have absolutely NO CONTROL over the C code that is calling openssl. Is there a way of doing the same in JAVA, i.e. resetting the counter at each block of 16? (The API only requests the key, algorithm, mode and IV)

My only other option is to use openssl via JNI but I was trying to avoid it…

Thank you!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I did not try it, but you should be able to effectively emulate what is done there on the C side – decrypt each 16-byte (=128 bit) block separately, and reset the cipher between two calls.

    Please note that using CTR mode for just one block, with a zero initialization vector and counter, defeats the goal of CTR mode – it is worse than ECB.

    If I see this right, you could try to encrypt some blocks of zeros with your C function (or the equivalent Java version) – these should come out as the same block each time. XOR this block with any ciphertext to get your plaintext back.

    This is the equivalent to a Caesar cipher on a 128-bit alphabet (e.g. the 16-byte blocks), the block cipher adds no security here to a simple 128-bit XOR cipher. Guessing one block of plaintext (or more generally, guessing 128 bits at the right positions, not necessary all in the same block) allows getting the effective key, which allows getting all the remaining plaintext blocks.

    • 0