Python AES-CTR is not compatible with Golang

Question

I'm using Python2.7 with pycryptodome 3.6.6 and Golang1.10.4 on Ubuntu 16.04.

The encrypt algorithm I choose is AES-CTR-128. But the data encrypted by Python and Golang have different result. So there's a problem to communicate between the apps written by these two languages.

Here is my implement:

Python:

#coding=utf-8

from __future__ import absolute_import
import binascii
from Crypto.Cipher import AES
from Crypto.Util import Counter

def hexlify(binary):
    return binascii.hexlify(binary)

class AES_CTR(object):
    def __init__(self, key, iv):
        assert len(key) == 16
        assert len(iv) == 16
        ctr = Counter.new(128)
        self.aes = AES.new(key, AES.MODE_CTR, counter=ctr)

    def encrypt(self, plain_data):
        return self.aes.encrypt(plain_data)

    def decrypt(self, encrypted_data):
        return self.aes.decrypt(encrypted_data)

if __name__ == '__main__':
    aes = AES_CTR('abcdef0123456789', '0123456789abcdef')
    print hexlify(aes.encrypt("hello")) #print '9b1a038478'
    print hexlify(aes.encrypt("hello")) #print '8751ea0448'
    print hexlify(aes.encrypt("world")) #print 'b6aa7c286b'

Golang

package main

import (
    "crypto/aes"
    "crypto/cipher"
    "encoding/hex"
    "fmt"
)


type AESCipher struct {
    iv []byte
    stream cipher.Stream
}

func NewAESCipher(key []byte, iv []byte) *AESCipher {
    if (len(iv) != 16 || len(key) != 16) {
        panic("iv length or key length error")
    }
    block, err := aes.NewCipher(key)
    if (err != nil) {
        panic(err)
    }
    return &AESCipher {
        iv: iv,
        stream: cipher.NewCTR(block, iv),
    }
}

func (cipher *AESCipher) Encrypt(buffer []byte) []byte {
    encrypted := make([]byte, len(buffer))
    cipher.stream.XORKeyStream(encrypted, buffer)
    return encrypted
}

func (cipher *AESCipher) Decrypt(buffer []byte) []byte {
    decrypted := make([]byte, len(buffer))
    cipher.stream.XORKeyStream(decrypted, buffer)
    return decrypted
}

func main() {
    iv := []byte("0123456789abcdef")
    key := []byte("abcdef0123456789")
    cipher := NewAESCipher(key, iv)

    encrypted1 := cipher.Encrypt([]byte("hello"))
    fmt.Println(hex.EncodeToString(encrypted1)) // print '94ee8ac46a'
    encrypted2 := cipher.Encrypt([]byte("hello"))
    fmt.Println(hex.EncodeToString(encrypted2)) // print 'b36d48ad7e'
    encrypted3 := cipher.Encrypt([]byte("world"))
    fmt.Println(hex.EncodeToString(encrypted3)) // print '7302071a9c'
}

score 2 · Answer 1 · answered Dec 25 '18 at 09:38

2

Problem solved.

Accroding to this answer, the default implementation of pycryptodome is not correct. We can change the Counter to make it work as expected.

ctr = Counter.new(128, initial_value=bytes_to_long(iv))

Now it works perfectly.

answered Dec 25 '18 at 09:38

Wizmann

839
1
9
14

score 1 · Answer 2 · answered Dec 28 '18 at 19:37

1

You can simplify your code, by not using the Counter class at all, a documented here:

self.aes = AES.new(key, AES.MODE_CTR, initial_value=iv)

answered Dec 28 '18 at 19:37

SquareRootOfTwentyThree

7,606
32
43

JenilDave · Answer 3 · 2020-04-02T00:46:04.030

0

Try this out:

ctr = Counter.new(128, initial_value= int.frombytes(iv.encode(),'little'))

IV is always to be passed as an integer value and Key in bytes format. Check Documentation from above mentioned links

edited Apr 02 '20 at 00:46

answered Apr 02 '20 at 00:40

JenilDave

606
6
14

Python AES-CTR is not compatible with Golang

3 Answers3