Why do Go and Pycrypto produce different ciphertexts when using AES-CFB, and how can this be resolved?-Golang-php.cn

Home

Backend Development

Golang

Why do Go and Pycrypto produce different ciphertexts when using AES-CFB, and how can this be resolved?

Susan Sarandon

Dec 07, 2024 pm 03:37 PM

Why do Go and Pycrypto produce different ciphertexts when using AES-CFB, and how can this be resolved?

Different Results in Go and Pycrypto When Using AES-CFB

The issue presented here involves encrypting data using AES-CFB with Go and Pycrypto, resulting in different ciphertexts. The provided Python and Go samples use identical keys, IVs, and plaintexts yet produce vastly distinct encrypted data:

Python: dbf6b1877ba903330cb9cf0c4f530d40bf77fe2bf505820e993741c7f698ad6b
Go: db70cd9e6904359cb848410bfa38d7d0a47b594f7eff72d547d3772c9d4f5dbe

Each language can decrypt its own ciphertext but fails to decrypt the other's output, hindering interoperability.

Resolution

The disparity stems from the different bit segment sizes used for CFB mode by Python and Go. Python utilizes CFB8, where data is processed in 8-bit segments, while Go's default implementation processes data in 128-bit blocks.

To resolve the issue and ensure Go can decrypt ciphertexts encrypted using Pycrypto's AES-CFB settings, one must modify Go's CFBEncrypter / CFBDecrypter to be compatible with 8-bit segments. The provided Go sample relies on the code within these functions to perform CFB encryption.

This customization involves:

Implementing a custom NewCFBDecrypter function that sets the segment size to 8:

func NewCFBDecrypter(block cipher.Block, iv []byte) cipher.Stream {
 if len(block.BlockSize()) != aes.BlockSize {
     panic("cipher: NewCFBDecrypter: invalid block size")
 }
 cfb := cfbDecrypter{
     blockSize:  block.BlockSize(),
     iv:         iv,
     segmentSize: 8,
     enc:        block,
     ofb:        copyBlock(block),
 }
 resetOfb(&cfb)
 return &cfb
}

Modifying the XORKeyStream function to process data in 8-bit chunks instead of 128-bit blocks:

func (x *cfbDecrypter) XORKeyStream(dst, src []byte) {
 dst = dst[:len(src)]
 switch {
 case len(src) == 0:
     return
 case len(src) = x.blockSize {
             x.segI = 0
         }
     }
     n := len(src) - len(src)%x.segmentSize
     x.segBuf[0:len(src[n:])] = src[n:]
     x.segPos = len(src[n:])
 }
}

With these changes, the Go sample should produce the same ciphertext as the Python implementation:

payload, err1 := hex.DecodeString("abababababababababababababababababababababababababababababababab")
password, err2 := hex.DecodeString("0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF")
iv, err3 := hex.DecodeString("00000000000000000000000000000000")

if err1 != nil {
    fmt.Printf("error 1: %v", err1)
    return
}

if err2 != nil {
    fmt.Printf("error 2: %v", err2)
    return
}

if err3 != nil {
    fmt.Printf("error 3: %v", err3)
    return
}

aesBlock, err4 := aes.NewCipher(password)
iv = iv[0:aes.BlockSize] // Trim the IV if it's longer than the AES block size

fmt.Printf("IV length:%v\n", len(iv))
fmt.Printf("password length:%v\n", len(password))

if err4 != nil {
    fmt.Printf("error 4: %v", err4)
    return
}

cfbDecrypter := cipher.NewCFBDecrypter(aesBlock, iv)
cfbDecrypter.XORKeyStream(payload, payload)

fmt.Printf("%v\n", hex.EncodeToString(payload)) // dbf6b1877ba903330cb9cf0c4f530d40bf77fe2bf505820e993741c7f698ad6b

The above is the detailed content of Why do Go and Pycrypto produce different ciphertexts when using AES-CFB, and how can this be resolved?. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Golang: The Go Programming Language ExplainedApr 10, 2025 am 11:18 AM

The core features of Go include garbage collection, static linking and concurrency support. 1. The concurrency model of Go language realizes efficient concurrent programming through goroutine and channel. 2. Interfaces and polymorphisms are implemented through interface methods, so that different types can be processed in a unified manner. 3. The basic usage demonstrates the efficiency of function definition and call. 4. In advanced usage, slices provide powerful functions of dynamic resizing. 5. Common errors such as race conditions can be detected and resolved through getest-race. 6. Performance optimization Reuse objects through sync.Pool to reduce garbage collection pressure.

Golang's Purpose: Building Efficient and Scalable SystemsApr 09, 2025 pm 05:17 PM

Go language performs well in building efficient and scalable systems. Its advantages include: 1. High performance: compiled into machine code, fast running speed; 2. Concurrent programming: simplify multitasking through goroutines and channels; 3. Simplicity: concise syntax, reducing learning and maintenance costs; 4. Cross-platform: supports cross-platform compilation, easy deployment.

Why do the results of ORDER BY statements in SQL sorting sometimes seem random?Apr 02, 2025 pm 05:24 PM

Confused about the sorting of SQL query results. In the process of learning SQL, you often encounter some confusing problems. Recently, the author is reading "MICK-SQL Basics"...

Is technology stack convergence just a process of technology stack selection?Apr 02, 2025 pm 05:21 PM

The relationship between technology stack convergence and technology selection In software development, the selection and management of technology stacks are a very critical issue. Recently, some readers have proposed...

Will improper use of Golang mutex cause 'fatal error: sync: unlock of unlocked mutex' error? How to avoid this problem?Apr 02, 2025 pm 05:18 PM

Golang ...

How to use reflection comparison and handle the differences between three structures in Go?Apr 02, 2025 pm 05:15 PM

How to compare and handle three structures in Go language. In Go programming, it is sometimes necessary to compare the differences between two structures and apply these differences to the...

How to view globally installed packages in Go?Apr 02, 2025 pm 05:12 PM

How to view globally installed packages in Go? In the process of developing with Go language, go often uses...

What should I do if the custom structure labels in GoLand are not displayed?Apr 02, 2025 pm 05:09 PM

What should I do if the custom structure labels in GoLand are not displayed? When using GoLand for Go language development, many developers will encounter custom structure tags...

See all articles