LUA communicates with PHP via AES data encryption

Recently, the company has a "around the nerve cat" small game hot not! The company also decided to develop a series of nerve cat games, so I was pulled over.

Later, using COCOS-2DX to develop a small game, the client with a LUA script, in order to server and client interaction security, we decided to API interface

The transmitted JSON data is encrypted and decrypted. The general situation is client-side encryption, and the server segment is decrypted:

The LUA client uses a library written in pure LUA: aeslua,:http://luaforge.net/projects/aeslua/

But the library is problematic: encrypted decryption with this library is not a problem, but with PHP communication is problematic, because the library after the Base64 encryption

The string PHP cannot be decrypted! To this question, I consulted a lot of information, and finally found a foreign God solution:

Http://chainans.blogspot.com/2012/09/working-with-lua-encryption.html (some students may not be able to fq, so the original paste out as follows:)

Working with Lua encryption

Recently working with Corona SDK, I-start to need some standard encryption/decryption algorithm in Lua. To start with, actually, it had rather small number of developers comparing to the objective-c which I had been working w ith. Meaning that there is fewer 3rd party Librarys you can rely upon. Luckily, I found one called Aeslua which have some code to start. From there, the my objective is-make a-to-securely passing data between my client and server. (PHP on Server-side) In fact, from what I'm read, my method is not very secure but it's better than nothing. Just for my reference, here is the list of issues along the

Edited:tested with IPhone 4 ... Input cipher text of characters. Take around seconds. Unacceptable speed for general uses.

1) It requires Lua 5.2 feature which does not seem to is in Corona

Solution:download Luabit v0.4 and integrate it ... You'll need to make a mapping to allow API call to the proper place

2) Next need to get Base64 library – grab it here https://gist.github.com/2563975 – it initially made to allow Passi Ng it over the URL (using '-' and ' _ ' instead of ' + ' and '/') so that I change them to the latter one.

3) for Aeslua, by default, it uses AES-128, CBC, some kind of the random padding <-I don ' t know its name, IV = 0. I'll change it to is AES-128, CBC, PKCS7 padding. The website to test if we conversion is OK or not

Http://www.unsw.adfa.edu.au/~lpb/src/AEScalc/AEScalc.html

http://www.tools4noobs.com/online_tools/decrypt/

Here is the things to do

3.1) in Pwinkey function, comment

password = ciphermode.encryptstring (pwbytes, password, CIPHERMODE.ENCRYPTCBC);

3.2) in util.padbytestring function, change it to

Local paddinglength = Math.ceil (#data/16) *16-#data;

Local padding = "";

Local paddingvalue = String.char (paddinglength)--PKCS7 padding

For i=1,paddinglength do

padding = padding: paddingvalue; - -PKCS7 padding

End

return data: padding;

4) Set up Web server for testing, you'll need Php/mcrypt mod to test.

5) Creating a PHP for testing ... here is a code

Now, my plain text below is "[Email protected]#%de".

<?php

$data = ' dxzndnxckorb7uz2on0aajp4bxgkyewbltnwbsaqsew= ';

$key 128 = ' 1234567890123456 ';

$iv = ' \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 ';

Echo Mcrypt_decrypt (mcrypt_rijndael_128, $key, Base64_decode ($data), MCRYPT_MODE_CBC, $iv)

?>

That ' s it. The encryption backward to client machine should is a piece of cake. =)

By using the These library, the user should was aware of the fact that Lua's performance is still far from native code. You may not be want to use this algorithm to encrypt a large volume of data.

In his way, everything is OK. However, the following points need to be explained below: (I groped)

1. The key of the string encrypted using CBC mode must be 16 bits, otherwise PHP cannot decrypt it!

2. The plaintext string must be prefixed with the key.

3. The above article did not put unpack function written out, I looked up some information, supplemented, otherwise aeslua can not be decrypted properly!

The following function in Util.lua is changed to the following:

function public.unpadbytestring (data)
Local padlength = Tonum ((string.byte (data, #data)));
Return String.sub (data,1, #data-padlength)--unpack
End