Home > Backend Development > Golang > Why do Go and Pycrypto produce different ciphertexts when using AES-CFB, and how can this be resolved?

Why do Go and Pycrypto produce different ciphertexts when using AES-CFB, and how can this be resolved?

Susan Sarandon
Release: 2024-12-07 15:37:10
Original
647 people have browsed it

Why do Go and Pycrypto produce different ciphertexts when using AES-CFB, and how can this be resolved?

Different Results in Go and Pycrypto When Using AES-CFB

The issue presented here involves encrypting data using AES-CFB with Go and Pycrypto, resulting in different ciphertexts. The provided Python and Go samples use identical keys, IVs, and plaintexts yet produce vastly distinct encrypted data:

Python: dbf6b1877ba903330cb9cf0c4f530d40bf77fe2bf505820e993741c7f698ad6b
Go: db70cd9e6904359cb848410bfa38d7d0a47b594f7eff72d547d3772c9d4f5dbe

Each language can decrypt its own ciphertext but fails to decrypt the other's output, hindering interoperability.

Resolution

The disparity stems from the different bit segment sizes used for CFB mode by Python and Go. Python utilizes CFB8, where data is processed in 8-bit segments, while Go's default implementation processes data in 128-bit blocks.

To resolve the issue and ensure Go can decrypt ciphertexts encrypted using Pycrypto's AES-CFB settings, one must modify Go's CFBEncrypter / CFBDecrypter to be compatible with 8-bit segments. The provided Go sample relies on the code within these functions to perform CFB encryption.

This customization involves:

  1. Implementing a custom NewCFBDecrypter function that sets the segment size to 8:

    func NewCFBDecrypter(block cipher.Block, iv []byte) cipher.Stream {
     if len(block.BlockSize()) != aes.BlockSize {
         panic("cipher: NewCFBDecrypter: invalid block size")
     }
     cfb := cfbDecrypter{
         blockSize:  block.BlockSize(),
         iv:         iv,
         segmentSize: 8,
         enc:        block,
         ofb:        copyBlock(block),
     }
     resetOfb(&cfb)
     return &cfb
    }
    Copy after login
  2. Modifying the XORKeyStream function to process data in 8-bit chunks instead of 128-bit blocks:

    func (x *cfbDecrypter) XORKeyStream(dst, src []byte) {
     dst = dst[:len(src)]
     switch {
     case len(src) == 0:
         return
     case len(src) < x.segmentSize:
         x.segBuf[0:len(src)] = src
         x.segPos = len(src)
     default:
         segmentSize := x.segmentSize
         for i := 0; i < len(src)-segmentSize+1; i += segmentSize {
             j := i + segmentSize
             xorBytes(dst[i:j], src[i:j], x.iv[x.segI:])
             x.encryptLogical(x.iv[x.segI:], x.segBuf[:segmentSize])
             copy(x.iv[x.segI:], dst[i:j])
             x.segI += segmentSize
             if x.segI >= x.blockSize {
                 x.segI = 0
             }
         }
         n := len(src) - len(src)%x.segmentSize
         x.segBuf[0:len(src[n:])] = src[n:]
         x.segPos = len(src[n:])
     }
    }
    Copy after login

With these changes, the Go sample should produce the same ciphertext as the Python implementation:

payload, err1 := hex.DecodeString("abababababababababababababababababababababababababababababababab")
password, err2 := hex.DecodeString("0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF")
iv, err3 := hex.DecodeString("00000000000000000000000000000000")

if err1 != nil {
    fmt.Printf("error 1: %v", err1)
    return
}

if err2 != nil {
    fmt.Printf("error 2: %v", err2)
    return
}

if err3 != nil {
    fmt.Printf("error 3: %v", err3)
    return
}

aesBlock, err4 := aes.NewCipher(password)
iv = iv[0:aes.BlockSize] // Trim the IV if it's longer than the AES block size

fmt.Printf("IV length:%v\n", len(iv))
fmt.Printf("password length:%v\n", len(password))

if err4 != nil {
    fmt.Printf("error 4: %v", err4)
    return
}

cfbDecrypter := cipher.NewCFBDecrypter(aesBlock, iv)
cfbDecrypter.XORKeyStream(payload, payload)

fmt.Printf("%v\n", hex.EncodeToString(payload)) // dbf6b1877ba903330cb9cf0c4f530d40bf77fe2bf505820e993741c7f698ad6b
Copy after login

The above is the detailed content of Why do Go and Pycrypto produce different ciphertexts when using AES-CFB, and how can this be resolved?. For more information, please follow other related articles on the PHP Chinese website!

source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template