Y-AE | Official Tensorflow implementation of the paper | Machine Learning library

In my_decrypt() when writing the decrypted data to the file the length determined with pkcs7_padding_data_length() is not used: int out_len = sizeof(hexarray) must be replaced by int out_len = actualDataLength. This makes the decryption work on my machine.

Furthermore the padding of the ciphertext in my_decrypt() makes no sense. It also has no effect here, since pkcs7_padding_pad_buffer() does not pad due to data_length + pad_byte > buffer_size (and pkcs7_padding_valid() indicates an invalid padding).

Also, the key should not be padded. If the key does not have the length defined for AES, it is better to display an error message. If a password is to be used instead of the key, a reliable key derivation function like PBKDF2 should be used.

Finally, for security reasons, don't apply a static IV.

The below code is doing a complete file encryption and decryption and is compatible to the OpenSSL commands

What you are looking for is to dodge the crossbar geom. For example:

This could be as simple as:

• In the PHP code, AES-256 is used. tiny-AES-c only supports AES-128 by default. In order for AES-256 to be supported, the corresponding constant must be defined in aes.h, i.e. the line //#define AES256 1 must be commented in, here.

• PHP uses PKCS7 padding by default. The padding should be removed in the C code.

• PHP implicitly pads too short keys with zero values to the specified length. Since AES-256-CBC was specified in the PHP code, the key test is extended as follows:

Is this what you're looking for?

The first call to AES_CTR_xcrypt_buffer encrypts the buffer in place in CTR mode.

The buffer still has the same size (128 in your case), but can contain NUL bytes.

The strlen call in the second call of AES_CTR_xcrypt_buffer for decryption can therefore result in a length < 128 if the buffer contains a NUL byte. By the way: It works in cases where the encryption does not result in a NUL byte in the buffer.

So if you call it with TOKEN_LENGTH as the length parameter decryption will give the original string again:

Disclaimer: I work for Netlify

As we mentioned to you in your helpdesk ticket on this same topic, our deploy environment is very naked - you have to:

1. specify dependencies that we can automatically install - npm/yarn deps, bower deps, gems and python packages.
2. install other dependencies yourself. the 'dotnet' program will be one of this type. We don't have it in our install environment, so you need to somehow import a copy of it into the environment. Seems like you can download the entire SDK here: https://www.microsoft.com/net/download/linux and then you need to import ONLY what is necessary for your build - it will take a very long time to build your site if we have to download the entire SDK, so see what you can trim down to get 'dotnet' to run.

For the purposes of #2, you'll probably need to test things in our build environment. How to do that, and details you'll need about the build environment such as OS type so you can download the right version of the SDK are described in this article:

https://www.netlify.com/blog/2016/10/18/how-our-build-bots-build-sites/

This will take some work on your part. It will not be trivial. It is not something we can help with in more detail than that for free customers unless you come with specific questions and examples.

To address some thoughts in the comments:

• build.sh is indeed our build script
• 9:46:52 AM: /opt/build/build.sh: line 427: dotnet: command not found means that literally there is no dotnet command available to run - not that some config file is missing.
• we only try to run it once since you have set your command to use && to chain several commands - one fails, the whole chain fails, and we don't need to run it two more times once the first failure occurs :)

You need to pass entire IV as initial counter value: