AES192 & AES256 in CBC mode [libgcrypt]

Jussi Kivilinna jussi.kivilinna at iki.fi
Sun Nov 30 10:07:16 CET 2014


Hello,

On 28.11.2014 03:10, Jan Bilek wrote:
> Hello,
> 
> I've just bounced in a potential problem with libgcrypt while trying to do AES192 & AES256 in CBC mode.
> 
> All works well with AES128 for all cipher modes, however when moving to AES192 & AES256 and GCRY_CIPHER_MODE_CBC it looks like all buffers are being written just in first 128 bits of output.
> 
> Please see example code attached.
> 
> Let me know if you'll be able to confirm that and if confirmed if I may help with fixing it.

I added new CBC test vectors to tests/basic.c from RFC 3602 and NIST SP800-38A, which did work fine. Then I tried adding the test vectors from example code that you provided and those tests fail (AES128, 192 and 256).

check-cbc, encrypt mismatch entry 4:0
expected: 72 de 8d 00 17 e1 4a a3 5c 87 16 b3 33 55 92 5c b8 ef fc b9 d8 aa 32 29 8a 76 6a 62 7c fc 29 52 e0 34 c8 72 32 91 0a 8d 18 93 13 48 fc af 45 24 01 1a 61 9d 6c 61 a2 38 5f c7 9d ce 7f 92 ee b8
computed: 72 de 8d 00 17 e1 4a a3 5c 87 16 b3 33 55 92 5c b8 ef fc b9 d8 aa 32 29 8a 76 6a 62 7c fc 29 52 01 1a 61 9d 6c 61 a2 38 5f c7 9d ce 7f 92 ee b8 e0 34 c8 72 32 91 0a 8d 18 93 13 48 fc af 45 24
xor-diff: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e1 2e a9 ef 5e f0 a8 b5 47 54 8e 86 83 3d ab 9c e1 2e a9 ef 5e f0 a8 b5 47 54 8e 86 83 3d ab 9c
check-cbc, encrypt mismatch entry 5:0
expected: 12 e9 3d 3c b0 6d 13 44 e7 b9 5c eb b6 88 ec ba 39 f3 b0 21 d7 a2 45 f0 9e 24 ed e1 2c 4f f6 a3 80 f9 f7 b7 3c f6 dc 46 3e e5 3a 7b d1 e6 1d 2e bb b1 38 b2 aa 22 7b 81 18 35 e0 a7 c8 20 53 f6
computed: fd 51 b0 e6 d2 98 09 85 4f 7a c7 a7 d6 97 c2 62 72 a2 d8 bb 5f 0f 43 5e 05 33 59 ef c7 4d f9 83 16 05 2c 29 91 55 1c 58 b9 d9 7d ec 5d dd eb 4c 7a 97 e1 a5 b5 04 60 59 6c 25 62 e5 50 1d 72 33
xor-diff: ef b8 8d da 62 f5 1a c1 a8 c3 9b 4c 60 1f 2e d8 4b 51 68 9a 88 ad 06 ae 9b 17 b4 0e eb 02 0f 20 96 fc db 9e ad a3 c0 1e 87 3c 47 97 8c 3b f6 62 c1 26 d9 17 1f 26 1b d8 74 10 82 42 98 3d 21 c5
check-cbc, encrypt mismatch entry 6:0
expected: 4a d8 4c 9f 32 dc 6a 95 63 49 a3 d3 cc 30 88 96 4b 5c aa f0 30 51 f1 9f 1e a9 11 71 52 89 46 0a 4c da 68 d7 17 6b a4 ed e0 4d 1b 69 c8 fb 54 f2 46 6a 14 7d 9a 4a d5 c4 bc 55 15 d4 1b d4 ac 7d
computed: b2 1f 9d bf bf fe c3 4f b0 98 fe f2 0b fc 8e 44 d1 ac 48 e0 d9 1c b4 17 e1 32 19 05 80 f8 e9 da 60 fb 53 97 4a 6c 79 46 2a 7d 91 7c 87 71 af a7 87 44 37 05 2b 02 c7 63 52 b3 53 a3 a3 cf 8f 75
xor-diff: f8 c7 d1 20 8d 22 a9 da d3 d1 5d 21 c7 cc 06 d2 9a f0 e2 10 e9 4d 45 88 ff 9b 08 74 d2 71 af d0 2c 21 3b 40 5d 07 dd ab ca 30 8a 15 4f 8a fb 55 c1 2e 23 78 b1 48 12 a7 ee e6 46 77 b8 1b 23 08

Patch with these tests for libgcrypt/master attached.

-Jussi

> 
> Thank you & Kind Regards,
> Jan
> 
> Jan Bilek
> CTO, EFTlab Pty Ltd
> email: jan.bilek at eftlab.co.uk
> mob:   +61 (0) 498 103 179
> 
> 
> _______________________________________________
> Gcrypt-devel mailing list
> Gcrypt-devel at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gcrypt-devel
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 03-cbc-tests.patch
Type: text/x-patch
Size: 12728 bytes
Desc: not available
URL: </pipermail/attachments/20141130/167e904d/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 648 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20141130/167e904d/attachment-0001.sig>
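A block-wise reading of the three mismatches reported above, as an added example that is not part of this thread or of libgcrypt's tests/basic.c. It splits the expected and computed dumps into 16-byte AES blocks (the one assumption), recomputes the xor-diff that basic.c prints, and reports which blocks differ and whether the computed output is merely the expected blocks in another order. On these entries it shows that 4:0 has ciphertext blocks 2 and 3 exchanged with every block value correct, while 5:0 and 6:0 differ from block 0 onward; since in CBC the first ciphertext block C0 = E_K(P0 xor IV) depends only on key, IV and the first plaintext block, a wrong block 0 is not a chaining problem.

```python
"""Block-wise reading of libgcrypt's check-cbc "encrypt mismatch" output.

Added example, not code from libgcrypt or from anyone in this thread.
The expected/computed hex strings are copied from the mismatch report
above; the only assumption is the AES block size of 16 bytes.
"""
from __future__ import annotations

BLOCK = 16  # AES block size in bytes, the same for AES-128, -192 and -256

# Entries 4:0, 5:0 and 6:0 exactly as printed by tests/basic.c above.
MISMATCHES = {
    "4:0": (
        "72 de 8d 00 17 e1 4a a3 5c 87 16 b3 33 55 92 5c "
        "b8 ef fc b9 d8 aa 32 29 8a 76 6a 62 7c fc 29 52 "
        "e0 34 c8 72 32 91 0a 8d 18 93 13 48 fc af 45 24 "
        "01 1a 61 9d 6c 61 a2 38 5f c7 9d ce 7f 92 ee b8",
        "72 de 8d 00 17 e1 4a a3 5c 87 16 b3 33 55 92 5c "
        "b8 ef fc b9 d8 aa 32 29 8a 76 6a 62 7c fc 29 52 "
        "01 1a 61 9d 6c 61 a2 38 5f c7 9d ce 7f 92 ee b8 "
        "e0 34 c8 72 32 91 0a 8d 18 93 13 48 fc af 45 24",
    ),
    "5:0": (
        "12 e9 3d 3c b0 6d 13 44 e7 b9 5c eb b6 88 ec ba "
        "39 f3 b0 21 d7 a2 45 f0 9e 24 ed e1 2c 4f f6 a3 "
        "80 f9 f7 b7 3c f6 dc 46 3e e5 3a 7b d1 e6 1d 2e "
        "bb b1 38 b2 aa 22 7b 81 18 35 e0 a7 c8 20 53 f6",
        "fd 51 b0 e6 d2 98 09 85 4f 7a c7 a7 d6 97 c2 62 "
        "72 a2 d8 bb 5f 0f 43 5e 05 33 59 ef c7 4d f9 83 "
        "16 05 2c 29 91 55 1c 58 b9 d9 7d ec 5d dd eb 4c "
        "7a 97 e1 a5 b5 04 60 59 6c 25 62 e5 50 1d 72 33",
    ),
    "6:0": (
        "4a d8 4c 9f 32 dc 6a 95 63 49 a3 d3 cc 30 88 96 "
        "4b 5c aa f0 30 51 f1 9f 1e a9 11 71 52 89 46 0a "
        "4c da 68 d7 17 6b a4 ed e0 4d 1b 69 c8 fb 54 f2 "
        "46 6a 14 7d 9a 4a d5 c4 bc 55 15 d4 1b d4 ac 7d",
        "b2 1f 9d bf bf fe c3 4f b0 98 fe f2 0b fc 8e 44 "
        "d1 ac 48 e0 d9 1c b4 17 e1 32 19 05 80 f8 e9 da "
        "60 fb 53 97 4a 6c 79 46 2a 7d 91 7c 87 71 af a7 "
        "87 44 37 05 2b 02 c7 63 52 b3 53 a3 a3 cf 8f 75",
    ),
}

# The xor-diff lines basic.c printed for the same entries, used as a
# cross-check that the dumps above were transcribed correctly.
REPORTED_XOR = {
    "4:0": "00 " * 32
           + "e1 2e a9 ef 5e f0 a8 b5 47 54 8e 86 83 3d ab 9c "
           "e1 2e a9 ef 5e f0 a8 b5 47 54 8e 86 83 3d ab 9c",
    "5:0": "ef b8 8d da 62 f5 1a c1 a8 c3 9b 4c 60 1f 2e d8 "
           "4b 51 68 9a 88 ad 06 ae 9b 17 b4 0e eb 02 0f 20 "
           "96 fc db 9e ad a3 c0 1e 87 3c 47 97 8c 3b f6 62 "
           "c1 26 d9 17 1f 26 1b d8 74 10 82 42 98 3d 21 c5",
    "6:0": "f8 c7 d1 20 8d 22 a9 da d3 d1 5d 21 c7 cc 06 d2 "
           "9a f0 e2 10 e9 4d 45 88 ff 9b 08 74 d2 71 af d0 "
           "2c 21 3b 40 5d 07 dd ab ca 30 8a 15 4f 8a fb 55 "
           "c1 2e 23 78 b1 48 12 a7 ee e6 46 77 b8 1b 23 08",
}


def split_blocks(hexstr: str, size: int = BLOCK) -> list[bytes]:
    """Parse a space-separated hex dump into whole cipher blocks."""
    data = bytes.fromhex(hexstr)
    if len(data) % size:
        raise ValueError(f"{len(data)} bytes is not a multiple of {size}")
    return [data[i:i + size] for i in range(0, len(data), size)]


def xor_diff(expected_hex: str, computed_hex: str) -> bytes:
    """Byte-wise XOR, the same quantity basic.c prints as 'xor-diff'."""
    exp, com = bytes.fromhex(expected_hex), bytes.fromhex(computed_hex)
    if len(exp) != len(com):
        raise ValueError("expected and computed dumps differ in length")
    return bytes(a ^ b for a, b in zip(exp, com))


def analyse(expected_hex: str, computed_hex: str, size: int = BLOCK) -> dict:
    """Classify a mismatch by which blocks differ and whether the computed
    output is only the expected blocks in a different order."""
    exp = split_blocks(expected_hex, size)
    com = split_blocks(computed_hex, size)
    differing = [i for i, (e, c) in enumerate(zip(exp, com)) if e != c]
    # A computed block equal to a *different* expected block means the right
    # ciphertext value was produced but sits at the wrong offset (or the
    # vector lists its blocks out of order); the block cipher is not at fault.
    moved = {i: exp.index(com[i]) for i in differing if com[i] in exp}
    return {
        "blocks": len(exp),
        "differing": differing,
        "first_bad": differing[0] if differing else None,
        "moved": moved,
        "permutation_only": bool(differing) and set(moved) == set(differing),
    }


def verdict(entry: str, expected_hex: str, computed_hex: str) -> str:
    """One-line reading of an entry in CBC terms."""
    a = analyse(expected_hex, computed_hex)
    if not a["differing"]:
        return f"{entry}: identical"
    if a["permutation_only"]:
        order = ", ".join(f"computed block {i} is expected block {j}"
                          for i, j in sorted(a["moved"].items()))
        return f"{entry}: blocks rearranged, every block value correct ({order})"
    if a["first_bad"] == 0:
        # C0 = E_K(P0 XOR IV) involves no chaining, so a wrong block 0 means
        # key, IV or P0 of the vector do not produce its expected ciphertext;
        # every later block then differs through the chain.
        return f"{entry}: block 0 already differs, not a chaining problem"
    return f"{entry}: blocks {a['differing']} differ, first at {a['first_bad']}"


if __name__ == "__main__":
    for name, (exp_hex, com_hex) in MISMATCHES.items():
        print(verdict(name, exp_hex, com_hex))
        print("  xor-diff:", xor_diff(exp_hex, com_hex).hex(" "))
```

Run directly it prints one verdict and the recomputed xor-diff per entry; `analyse()` returns the classification as a dict so a test can assert on it rather than on printed text.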

