Can't get my custom RIJNDAEL128 Encryptor working

[gregor...@googlemail.com]

Hi everybody,
I hope this group is not dead yet. I need to implement and Encryptor which implements the encryption method 14 (Rijndael128) of nsca. Unfortunally I can't get it working properly. Heres my Encryptor code

public class Rijndael128Encryptor implements Encryptor {
   
    public static final String ID = "RIJNDAEL128";
   
    private static final String RIJNDAEL128 = "AES";
    private static final String RIJNDAEL128_TRANSFORMATION = "AES/CFB8/NoPadding";
   
    @Override
    public void encrypt(byte[] passiveCheckBytes, byte[] initVector, String password) {
        try {
            final byte[] keyBytes = toFixedSizeByteArray(password.getBytes(), 16);
            final byte[] initVectorBytes = toFixedSizeByteArray(initVector, 16);
   
            final SecretKey key = new SecretKeySpec(keyBytes, RIJNDAEL128);
            final IvParameterSpec iv = new IvParameterSpec(initVectorBytes);

            final Cipher cipher = Cipher.getInstance(RIJNDAEL128_TRANSFORMATION);
            cipher.init(Cipher.ENCRYPT_MODE, key, iv);
            final byte[] cipherText = cipher.doFinal(passiveCheckBytes);

            for(int i = 0; i < passiveCheckBytes.length; i++) {
                passiveCheckBytes[i] = cipherText[i];
            }
           
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
   
    private byte[] toFixedSizeByteArray(byte[] source, int fixedLength) {
        byte[] result = new byte[fixedLength];

        for (int i = 0; i < fixedLength && i < source.length; i++) {
            if (i < source.length) {
                result[i] = source[i];
            } else {
                result[i] = 0;
            }
        }

        return result;
    }

}

I'm using Bouncy Castle and tried the following Ciphers with no success

• AES/CFB8/NoPadding
• AES/CFB8/ZeroBytePadding
• AES/CFB8/PKCS7Padding

And also every option using "Rijndael" instead of "AES"

Note: I must use Rijndael128, because this cipher is used in our productive environment. Using other encryptions it works fine, so I think my problem is not a configuration problem.

The log message always gives me:

Received invalid packet type/version from client - possibly due to client using wrong password or crypto algorithm?

Im thankful for any tips, I have no idea, what I am doing wrong and this is slowly getting on my nerves :(

[Raj Patel]

Hi 

Im the project lead for jsend-nsca but this is one area where I really have no experience. 

However, googling around, seems like AES is standardised Rijndael128 so can you not use the AES support in Java Crypto Extensions library and see if that works.

Good luck

Raj

--
You received this message because you are subscribed to the Google Groups "jsend-nsca" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jsend-nsca+...@googlegroups.com.
To post to this group, send email to jsend...@googlegroups.com.
Visit this group at http://groups.google.com/group/jsend-nsca.
For more options, visit https://groups.google.com/d/optout.

--
Raj Patel
Mobile: 07957 446908
Home: 0208 346 3248

[Raj Patel]

Also, can you get Rijndael 128 working with the standard send_nsca command line tool to ensure everything plays nicely using nagios standard tools.

[gregor...@googlemail.com]

Hi,
thanks for your replies :). I finally got it working and for anybody who's interested, here's the catch:
I looked into the code of send_nsca and how the encryption is done. It's using the

mcrypt_enc_get_key_size
and
mcrypt_enc_get_iv_size
c functions to retrieve the MAXIMUM size for the key and the size for the IV, which, after a quick search using google, apparently are 32 bytes keysize and 16 bytes iv for Rijndael128. My resulting code looks now like this and is working fine (I'm using the Bouncy Castle API):

public class Rijndael128Encryptor implements Encryptor {
       
       public static final String ID = "RIJNDAEL128";

       
       @Override

       public void encrypt(byte[] passiveCheckBytes, byte[] initVector, String password) {
        try {

             
             final byte[] keyBytes = toFixedSizeByteArray(password.getBytes(), 32);

             final byte[] initVectorBytes = toFixedSizeByteArray(initVector, 16);

             
             BufferedBlockCipher cipher = new BufferedBlockCipher(new CFBBlockCipher(new AESEngine(), 8));
             
             cipher.init(true, new ParametersWithIV(new KeyParameter(keyBytes), initVectorBytes));
             byte[] result = new byte[cipher.getOutputSize(passiveCheckBytes.length)];
             
             int cipherLength = cipher.processBytes(passiveCheckBytes, 0, passiveCheckBytes.length, result, 0);
             cipher.doFinal(result, cipherLength);

             
             for(int i = 0; i < passiveCheckBytes.length; i++) {

                    passiveCheckBytes[i] = result[i];

             }
            
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
       }
       
       private byte[] toFixedSizeByteArray(byte[] source, int fixedLength) {
        byte[] result = new byte[fixedLength];

        for (int i = 0; i < fixedLength && i < source.length; i++) {
            if (i < source.length) {
                result[i] = source[i];
            } else {
                result[i] = 0;
            }
        }

        return result;
    }
}

Of course I will refactor it, because it's kind of crappy :). But for now it gets the job done!