PyCrypto AES encryption not working as expected

Question

I am creating a Python function to perform counter mode encryption using the PyCrypto module. I am aware of the builtin, but want to implement it myself.

I'm trying Test Vector #1 from RFC 3686, and have the correct Counter Block and the correct Key in ASCII form. But when I encrypt the Counter Block using the Key, I don't get the expected Key Stream.

The relevant parts of my code:

cipher = AES.new(key)
ctr_block = iv + nonce + ctr
key_stream = base64.b64decode(cipher.encrypt(ctr_block))

I can provide more code if needed, but I'm not sure how because ctr_block and key have many question mark characters when I print them.

Why am I not getting the expected answer? It seems like everything should go right. Perhaps I made some mistake with the encoding of the string.

Edit

Self-contained code:

from Crypto.Cipher import AES
import base64

def hex_to_str(hex_str):
    return str(bytearray([int(n, 16) for n in hex_str.split()]))

key = hex_to_str("AE 68 52 F8 12 10 67 CC 4B F7 A5 76 55 77 F3 9E")
iv = hex_to_str("00 00 00 00 00 00 00 00")
nonce = hex_to_str("00 00 00 30")
ctr = hex_to_str("00 00 00 01")

cipher = AES.new(key)
ctr_block = iv + nonce + ctr
key_stream = base64.b64decode(cipher.encrypt(ctr_block))

print "".join([hex(ord(char)) for char in key_stream])
# 0xd90xda0x72

To provide an example that can be tested you need at least to show how you made `key`, `iv`, `nonce` and `ctr`. — wRAR, Mar 31 '13 at 23:53
An example would be [Roland Smith's code](http://stackoverflow.com/a/15736125/805556). — LonelyWebCrawler, Apr 01 '13 at 00:49
I have updated my answer with code that is described by the first two adjectives but probably not the third. — LonelyWebCrawler, Apr 01 '13 at 01:00

Roland Smith · Answer 1 · 2013-04-01T01:17:02.930

1

First, use byte strings:

In [14]: keystring = "AE 68 52 F8 12 10 67 CC 4B F7 A5 76 55 77 F3 9E"

In [15]: keystring.replace(' ', '').decode('hex')
Out[15]: '\xaehR\xf8\x12\x10g\xccK\xf7\xa5vUw\xf3\x9e'

Second, you shouldn't use base64.

edited Apr 01 '13 at 01:17

answered Apr 01 '13 at 00:24

Roland Smith

42,427
3
64
94

This should be a comment, not an answer. – wRAR Apr 01 '13 at 00:27
Using your code I still get the wrong answer. However, I just discovered something: My keystream is only _three characters long_. – LonelyWebCrawler Apr 01 '13 at 00:49
Thanks for the function, but my code still doesn't work. Please see my edit. – LonelyWebCrawler Apr 01 '13 at 01:01

score 1 · Accepted Answer · answered Apr 01 '13 at 01:12

1

First, the correct CTR block order is nonce + iv + ctr. Second, that base64.b64decode call is wrong: cipher.encrypt produces a decoded string. After these two fixes your code prints 0xb70x600x330x280xdb0xc20x930x1b0x410xe0x160xc80x60x7e0x620xdf which seems to be a correct key stream.

answered Apr 01 '13 at 01:12

wRAR

25,009
4
84
97

Yes! Thank you. I got the incorrect `b64encode` part from a [blog post](http://www.codekoala.com/blog/2009/aes-encryption-python-using-pycrypto/) which I misinterpreted. – LonelyWebCrawler Apr 01 '13 at 01:17

PyCrypto AES encryption not working as expected

2 Answers2