no error returns when a wrong key/iv is used for decrypting
Yves Pagani
ypagani at aps.edu.pl
Thu Feb 17 14:00:21 CET 2011
Hi all,
I'm doing some tests with the symmetric crypting functions of gcrypt.
I observed that when I give a wrong key or/and a wrong initialization vector for decrypting data via the gcry_cipher_decrypt function, it returns 0 instead of an error code.
Of course, with a wrong key/iv, data are not correctly decrypted.
The code given below shows this fact if uncommenting the second "gcry_randomize(key,key_size,GCRY_STRONG_RANDOM)" line.
To be complete, I'm using :
- the gcrypt 1.4.5 version of fedora 14
- gcc 4.5.1 (fedora 14 version too)
- all is done in the secure memory
Is it a bug or did I miss something ?
Thanks in advance.
Here is the example code :
#include <stdlib.h>
#include <stdio.h>
#include <stddef.h>
#include <gcrypt.h>
#define CIPHER_CHOICE GCRY_CIPHER_SERPENT256
#define CIPHER_MODE_CHOICE GCRY_CIPHER_MODE_CBC
#define CIPHER_FLAGS_CHOICE GCRY_CIPHER_SECURE|GCRY_CIPHER_CBC_CTS
#define SECURE_MEMORY_SIZE 60000
int main(void) {
gcry_cipher_hd_t hd; /* handle a initialiser */
gcry_error_t error; /* valeur de retour des fonctions gcry */
char *key=NULL;
char *iv=NULL;
char a[1024]="Hello World!";
char tmp[1024];
int key_size;
int iv_size;
if ( !gcry_check_version ( GCRYPT_VERSION ) )
{
exit ( EXIT_FAILURE );
}
gcry_control ( GCRYCTL_SUSPEND_SECMEM_WARN );
gcry_control ( GCRYCTL_INIT_SECMEM, SECURE_MEMORY_SIZE ,0 );
gcry_control ( GCRYCTL_RESUME_SECMEM_WARN );
gcry_control ( GCRYCTL_INITIALIZATION_FINISHED,0 );
error=gcry_cipher_open(&hd,CIPHER_CHOICE,CIPHER_MODE_CHOICE,CIPHER_FLAGS_CHOICE);
printf("Initialization of handler for encryption=%d,%s\n",error,gcry_strerror(error));
/* allocation and creation of a randomized key and randomized IV*/
key_size=gcry_cipher_get_algo_keylen(CIPHER_CHOICE);
if ( NULL== ( key=gcry_calloc_secure ( key_size,1) ) )
{
printf("Can not allocate memory for the key. Aborting\n.");
exit ( EXIT_FAILURE );
}
gcry_randomize(key,key_size,GCRY_STRONG_RANDOM);
iv_size=gcry_cipher_get_algo_blklen(CIPHER_CHOICE);
if ( NULL== ( iv=gcry_calloc_secure ( iv_size,1) ) )
{
printf("Can not allocate memory for the IV. Aborting\n.");
gcry_free(key);
key=NULL;
exit ( EXIT_FAILURE );
}
gcry_randomize(iv,iv_size,GCRY_STRONG_RANDOM);
error=gcry_cipher_setkey(hd,key,key_size);
printf("Set the key=%d,%s\n",error,gcry_strerror(error));
error=gcry_cipher_setiv(hd,iv,iv_size);
printf("Set the IV=%d,%s\n",error,gcry_strerror(error));
error=gcry_cipher_encrypt ( hd,tmp,sizeof ( tmp ),a,sizeof(a) );
printf("Encryption=%d,%s\n",error,gcry_strerror(error));
/* should be useless but just in case...*/
gcry_cipher_close ( hd );
error=gcry_cipher_open(&hd,CIPHER_CHOICE,CIPHER_MODE_CHOICE,CIPHER_FLAGS_CHOICE);
printf("Initialization of handler for decryption=%d,%s\n",error,gcry_strerror(error));
/* if we uncomment this line, decryption will be wrong but no error is returns */
/* gcry_randomize(key,key_size,GCRY_STRONG_RANDOM); */
error=gcry_cipher_setkey(hd,key,key_size);
printf("Set the key=%d,%s\n",error,gcry_strerror(error));
/* same as above */
/* gcry_randomize(iv,iv_size,GCRY_STRONG_RANDOM); */
error=gcry_cipher_setiv(hd,iv,iv_size);
printf("Set the IV=%d,%s\n",error,gcry_strerror(error));
error=gcry_cipher_decrypt ( hd,tmp,sizeof ( tmp ),NULL,0 );
printf("Decryption=%d,%s\n",error,gcry_strerror(error));
gcry_cipher_close ( hd );
gcry_free(key);
key=NULL;
gcry_free(iv);
iv=NULL;
gcry_control(GCRYCTL_TERM_SECMEM);
printf("a=%s\n",a);
printf("tmp=%s\n",tmp);
exit(EXIT_SUCCESS);
}
--
There are three rules for writing a novel. Unfortunately, no one knows
what they are.
-- Somerset Maugham
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: </pipermail/attachments/20110217/66589fb5/attachment.pgp>
More information about the Gcrypt-devel
mailing list