views:

241

answers:

3

I have an application that uses an opensource "libgcrypt" to encrypt/decrypt a data block (32 bytes). Now I am going to use Microsoft CryptAPI to replace it. My problem is that the libgcrypt and cryptApi approaches generate different ciphertext contents as I use the same AES-256 algoritjm in CFB mode, same key, and same IV, although the ciphertext can be decrypted by their own correspndingly.

Could some tell me what is the problem? Thanks.

+2  A: 

Do the two assume different endianness, or assign the bytes in the key/IV in different orders?

If the endianness assumptions are different, you may need to re-order the bytes in the key, IV and/or plaintext to get matching results. For example, if you are supplying bytes in the order abcdefgh, you may need to switch this to 'dcbahgfe' to get things to work.

David M
I believe they have different endianness.
YCL
A: 

What is the length of your key and IV? Are ciphertexts different if the length of opentext is exactly 256 bit?

Nike
I can see where you're heading with this, but in CFB mode the cipher ought to be operating effectively as a stream cipher, with no padding...
David M
The length of key is 32 bytes, and IV, 16 bytes.The ciphertexts are different no matter the size of the opentext.
YCL
Re-orderring the bytes in the key, IV, and/or plaintext, and trying all their combinations. No one is working.
YCL
+1  A: 

There is an additional parameter for CFB, namely the "shift amount" at each iteration. The Wikipedia page on CFB has some information. Namely, you encrypt x bits for every block encryption, where x is any value between 1 and the block size (128 for AES). I suspect that in your code, the Microsoft CryptoAPI and libgcrypt do not use the same value for x.

As explained in the documentation for CryptSetKeyParam(), Windows defaults to x=8 (i.e. one byte at a time). This is the KP_MODE_BITS parameter. On the other hand, libgcrypt defaults to x=n for a n-bit block cipher (i.e. x=128 for AES). I am not sure libgcrypt can be convinced to use another value.

Thomas Pornin
Calling this CryptSetKeyParam() by passing value greater than 64 always returns 0 (fail), and this function call seems have no effect on the ciphertext contents when the mode-bits value is not more than 64 (probably because that fact that I only need to call the encryption function once in my application).
YCL