Mailing List Archive: gcry_cipher_decrypt not functioning

gcry_cipher_decrypt not functioning

Apr 4, 2006, 7:04 PM

Post #1 of 3 (1743 views)

I'm working on a small project that is using libgcrypt for encryption. The
encryption works fine, but when the decryption code is called, no decryption
takes place.

The following function is what I use to wrap the library calls. The input data
is already aligned to the ciphers blocksize by the encryption code.

From watching the process in gdb it is certain that the decryption never
happens. I have tried a version where I was creating a temporary buffer for
the output, and even with that step the input stream matched the output
stream from the function.

I'm not on the list, so could you please CC: me on the response?

gcry_error_t decrypt( unsigned char *outb, unsigned int *outs,
unsigned int algo ) {
gcry_error_t rval;
gcry_cipher_hd_t hand;
gcry_md_hd_t mdh;
unsigned char *store;
unsigned int i, k;

store = (char *)malloc(32);
memset(store,0,32);
blklen = gcry_cipher_get_algo_blklen(algo);
rval = gcry_md_open( &mdh, GCRY_MD_SHA256, 0 );
if( rval )
return rval;

k = strlen( password );
for( i = 0; i < k; i++ ) {
gcry_md_putc( mdh, password[i] );
}
gcry_md_final( mdh );
store = gcry_md_read( mdh, GCRY_MD_SHA256 );
gcry_md_close( mdh );

rval = gcry_cipher_open( &hand, algo, 0, 0 );
if( rval )
return rval;

rval = gcry_cipher_setkey( hand, store, 32 );
if( rval )
return rval;

rval = gcry_cipher_decrypt( hand, outb, outs[0], NULL, 0 );
if( rval )
return rval;

gcry_cipher_close( hand );
return 0;
}

DRH

_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel

Re: gcry_cipher_decrypt not functioning [ In reply to ]

bradh at frogmouth

Apr 5, 2006, 2:48 AM

Post #2 of 3 (1633 views)

Permalink

On Wednesday 05 April 2006 12:04 pm, D. Hazelton wrote:
> >From watching the process in gdb it is certain that the decryption never
>
> happens. I have tried a version where I was creating a temporary buffer for
> the output, and even with that step the input stream matched the output
> stream from the function.
It would help if you could tell us what is each gcry_* function returning.

> rval = gcry_cipher_open( &hand, algo, 0, 0 );
This looks wrong. What mode are you trying to use? 0 => GCRY_CIPHER_MODE_NONE,
which isn't good...

You aren't setting an IV either. That is OK, as long as you are using ECB.
However it looks like you are doing a lot of data, and ECB is a bad choice in
this case. I like CFB (to avoid padding), but it obviously has to match
whatever you are using to encrypt.

Brad

Re: gcry_cipher_decrypt not functioning [ In reply to ]

dhazelton at enter

Apr 5, 2006, 1:15 PM

Post #3 of 3 (1632 views)

Permalink

On Wednesday 05 April 2006 05:48, Brad Hards wrote:
> On Wednesday 05 April 2006 12:04 pm, D. Hazelton wrote:
> > >From watching the process in gdb it is certain that the decryption never
> >
> > happens. I have tried a version where I was creating a temporary buffer
> > for the output, and even with that step the input stream matched the
> > output stream from the function.
>
> It would help if you could tell us what is each gcry_* function returning.

Everything returns fine. Each call returns "No Error"...

When gcry_cipher_decrypt returns it returns with no decryption.

> > rval = gcry_cipher_open( &hand, algo, 0, 0 );
>
> This looks wrong. What mode are you trying to use? 0 =>
> GCRY_CIPHER_MODE_NONE, which isn't good...
>
> You aren't setting an IV either. That is OK, as long as you are using ECB.
> However it looks like you are doing a lot of data, and ECB is a bad choice
> in this case. I like CFB (to avoid padding), but it obviously has to match
> whatever you are using to encrypt.

Okay. So I should set an IV (and store it in the output) and use
GCRY_CIPHER_MODE_CFB? Sound pretty simple to me. Thank you!

DRH

_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel