AES CTR mode using pycrypto

I couldn't spot any problems with your implementations, but caveat lector: I'm not a cryptography expert, so take that with an appropriate pinch of salt.

(削除) I'm also concerned about the output:

$ python reinvent.py
msg = CTR mode lets yo▒B▒▒▒c▒?▒N▒▒w▒▒ap▒9▒uz▒▒▒3▒▒▒o▒V_M▒▒A
msg = Always avoid the▒?A▒▒r ▒ά

It looks as if the first block has been decrypted correctly, and then it all falls over. Probably a bug, but I didn't dig into what's causing it. (削除ここまで)

Edit: Turns out this was an indentation problem – the code as posted had lost some indentation, and I guessed wrong when I tried to add it back.

The biggest problem with this code is the lack of docstrings and comments. Especially when you're dealing with cryptography – it's important to explain why you wrote the code you did, and how it relates to the original problem. This makes code easier to read, review and maintain – and would probably make it much easier to spot the bug above.

A variety of comments below.

IVCounter class

• There should be a docstring explaining what this class represents, and what sort of values it expects as input. I had lots of (削除) fun (削除ここまで) hassle trying different inputs and hitting a variety of errors before I got it working.

• Your __repr__ method is mutating the internal state of the object – that seems like a really bad idea. The usual use case for repr() is as a debugging tool; changing the instance you're trying to debug will be a bundle of laughs.

  Here's an alternative repr you could use:

  def __repr__(self):
   return '%s(%r)' % (self.__class__.__name__, self.value)
  

  This returns a string that could be eval'd to get something equivalent to the current object, which is a much more conventional use of this function.

• I'm not sure why you have a string method. It would be better for callers to access self.value directly, and if you want a string representation of an object, you should define __str__ instead.

• What happens when the counter overflows? You get a nasty TypeError:

  >>> x = IVCounter('\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe')
  >>> x.increment()
  '\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff'
  >>> x.increment()
  Traceback (most recent call last):
   File "<stdin>", line 1, in <module>
   File "<stdin>", line 8, in increment
   File "/usr/lib/python2.7/encodings/hex_codec.py", line 42, in hex_decode
   output = binascii.a2b_hex(input)
  TypeError: Odd-length string
  

  You should think about how you want to handle an overflow like this – at the very least, you should wrap the exception and provide a more intelligible error message.

CTR class.

• Should subclass from object.
• Avoid single letter variable names where possible; try to prefer descriptive and expressive names. For example, __init__(self, key) instead of __init__(self, key). Or for block in blocks.
• In your __strxor method, you have repeated code – the only thing that changes is the arguments to zip(). Would be good to cut down that repetition.
• The variable name lenght is misspelt in the definition of the __split_len method.
• When I hear the word cipher, I think of things like AES, whereas you seem to be using it to describe a message text. That's a little confusing – docstrings would help.

• In the decrypt() method, rather than:

  self.IV = IVCounter(blocks[0])
  blocks.remove(blocks[0])
  

  you could just use:

  self.IV = IVCounter(blocks.pop(0))
  

  which will remove the item and extract it.

Misc

• You appear to be importing Crypto.Cipher.AES twice. Why?

The Pycrpto library has both encrpypt and decrypt functions for the class AES, but you have used the encrypt function for decryption:

For b in blocks:

aes = self.__AESencryptor(self.IV.string())"

It can be corrected by first defining an AES decryptor function as:

def __AESdecryptor(self, cipher):
 dec = AES.new(self.key, AES.MODE_ECB)
 return dec.decrypt(cipher)

and calling it inside your CTR decryptor.

• python
• reinventing-the-wheel
• cryptography
• aes