Different Results in Go and Pycrypto When Using AES-CFB
The issue presented here involves encrypting data using AES-CFB with Go and Pycrypto, resulting in different ciphertexts. The provided Python and Go samples use identical keys, IVs, and plaintexts yet produce vastly distinct encrypted data:
Python: dbf6b1877ba903330cb9cf0c4f530d40bf77fe2bf505820e993741c7f698ad6b
Go: db70cd9e6904359cb848410bfa38d7d0a47b594f7eff72d547d3772c9d4f5dbe
Each language can decrypt its own ciphertext but fails to decrypt the other's output, hindering interoperability.
Resolution
The disparity stems from the different bit segment sizes used for CFB mode by Python and Go. Python utilizes CFB8, where data is processed in 8-bit segments, while Go's default implementation processes data in 128-bit blocks.
To resolve the issue and ensure Go can decrypt ciphertexts encrypted using Pycrypto's AES-CFB settings, one must modify Go's CFBEncrypter / CFBDecrypter to be compatible with 8-bit segments. The provided Go sample relies on the code within these functions to perform CFB encryption.
This customization involves:
Implementing a custom NewCFBDecrypter function that sets the segment size to 8:
func NewCFBDecrypter(block cipher.Block, iv []byte) cipher.Stream {
if len(block.BlockSize()) != aes.BlockSize {
panic("cipher: NewCFBDecrypter: invalid block size")
}
cfb := cfbDecrypter{
blockSize: block.BlockSize(),
iv: iv,
segmentSize: 8,
enc: block,
ofb: copyBlock(block),
}
resetOfb(&cfb)
return &cfb
}Modifying the XORKeyStream function to process data in 8-bit chunks instead of 128-bit blocks:
func (x *cfbDecrypter) XORKeyStream(dst, src []byte) {
dst = dst[:len(src)]
switch {
case len(src) == 0:
return
case len(src) < x.segmentSize:
x.segBuf[0:len(src)] = src
x.segPos = len(src)
default:
segmentSize := x.segmentSize
for i := 0; i < len(src)-segmentSize+1; i += segmentSize {
j := i + segmentSize
xorBytes(dst[i:j], src[i:j], x.iv[x.segI:])
x.encryptLogical(x.iv[x.segI:], x.segBuf[:segmentSize])
copy(x.iv[x.segI:], dst[i:j])
x.segI += segmentSize
if x.segI >= x.blockSize {
x.segI = 0
}
}
n := len(src) - len(src)%x.segmentSize
x.segBuf[0:len(src[n:])] = src[n:]
x.segPos = len(src[n:])
}
}With these changes, the Go sample should produce the same ciphertext as the Python implementation:
payload, err1 := hex.DecodeString("abababababababababababababababababababababababababababababababab")
password, err2 := hex.DecodeString("0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF")
iv, err3 := hex.DecodeString("00000000000000000000000000000000")
if err1 != nil {
fmt.Printf("error 1: %v", err1)
return
}
if err2 != nil {
fmt.Printf("error 2: %v", err2)
return
}
if err3 != nil {
fmt.Printf("error 3: %v", err3)
return
}
aesBlock, err4 := aes.NewCipher(password)
iv = iv[0:aes.BlockSize] // Trim the IV if it's longer than the AES block size
fmt.Printf("IV length:%v\n", len(iv))
fmt.Printf("password length:%v\n", len(password))
if err4 != nil {
fmt.Printf("error 4: %v", err4)
return
}
cfbDecrypter := cipher.NewCFBDecrypter(aesBlock, iv)
cfbDecrypter.XORKeyStream(payload, payload)
fmt.Printf("%v\n", hex.EncodeToString(payload)) // dbf6b1877ba903330cb9cf0c4f530d40bf77fe2bf505820e993741c7f698ad6bThe above is the detailed content of Why do Go and Pycrypto produce different ciphertexts when using AES-CFB, and how can this be resolved?. For more information, please follow other related articles on the PHP Chinese website!
How to use the atom editor
resample function usage
How to use the choose function
How to create virtual wifi in win7
How to solve the problem that the device manager cannot be opened
How to use the length function in Matlab
What does frame rate mean?
The difference between console cable and network cable
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
