QCA AES Encryption using CBC Cipher Mode
-
Before I post any of my code, I wanted to see if anyone has experienced a similar problem. I am using the QCA library for encryption and want to use AES-128 with the Cipher Mode of CBC.
I have followed several of the examples in the QCA project, and sample strings I am providing are being encrypted/decrypted correctly in my unit tests. However, an ancillary api which I must pass this encrypted information to that uses another implementation of AES based encryption is producing encrypted strings which are quite different based on the same source plain text values.
It's been confirmed that the other AES implementation is set for CBC mode. The strange thing is, when I change the CipherMode in my QCA based code to be EBC mode, the encrypted strings produced match what the other AES implementation is creating. I know that EBC will only work on a block by block basis, and is not recommended for use in the QCA documentation, but I have looked at this closely and do not see any other settings on the Cipher Object or anywhere else which may be causing this anomaly.
Has anyone else ever run into this sort of issue using QCA AES 128 w/CBC before?
Thanks in advance!
-
If the messages are longer than 128 bits and the ECB output of QCA matches the other implementation's CBC output exactly then one of them is lying about the mode. With a (bad) zero IV the first block out in CBC mode will be the same as in ECB for the same key, but blocks after that will differ. With a good IV all the blocks will be different.
You should be able to use OpenSSL enc to encrypt/decrypt to check results:
openssl enc -aes-128-cbc -e -in test.in -out test.enc -K key -iv iv
openssl enc -aes-128-cbc -d -in test.enc -out test.dec -K key -iv iv
(Key and IV in 32 hex digits)
You may get extra bytes on a message depending on the padding used so the "-nopad" option could be useful. -
Thanks for the reply. Let me make a clarification: In EBC mode, ONLY the first block(first 16 bytes) of any text is correctly encrypted compared to the same text encrypted with the other implementation's CBC. Any subsequent blocks have a totally different encryption value in EBC than in CBC. Below are three different examples of attempts to encrypt/decrypt the same 64 byte text string:
This is the resulting encrypted data using QCA's CBC w/DefaultPadding on a plain text string of 49 total bytes(with the remain bytes up to 64 filled w/white spaces):
a35981782bc6d4469697a781145ab380047dd2529488e51ce88ff5537cf6c475415600ddde2a89e659f4fef6d2303a268d4c062844c1aa9e150eedc9ea61b162
This is the resulting encrypted data using QCA's EBC w/DefaultPadding on a plain text string of 49 total bytes(with the remain bytes up to 64 filled w/white spaces):
e270f7dab1882d07463cb19ecf27d29bad8eefbd2e9f316a0b48a4d9ac4bf2cea1c15b81206ba52acca940ee94c86400e64f59396f1b7a8e79d4f763d8a44a24
And this is the resulting encrypted data using CBC from the other implementation on a plain text string of 49 total bytes(with the remain bytes up to 64 filled w/white spaces):
e270f7dab1882d07463cb19ecf27d29b2db210451f427ef9b23d1bbb23b6885185ae5d17944033386fc8450005e4703552aa7dcd573e5b3168328d5e9af6e366
As you can see, in examples 2(QCA ECB) and 3(Other Implementation's CBC), the first 16 bytes match and the remaining bytes don't. Example 1(QCA CBC) is different all together.
I have confirmed that the key being used in the QCA Cypher object is correctly formatted in all three examples.
Is there something else on the QCA Cipher object that needs to be adjusted?
-
Assuming both AES implementations are correct and the same key is used then the CBC in 3 is starting with an IV that is all zeros. What IV are you using in 1?