Why are RijndaelManaged and AesCryptoServiceProvider returning different results?
https://stackoverflow.com/questions/957388
-
12-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Here is the example that I have run. It has the same Mode, Padding, BlockSize, KeySize. I am using the same init vector, key and data.
Using the RijndaelManaged produces an encrypted value of: 0x8d,0x81,0x27,0xc6,0x3c,0xe2,0x53,0x2f,0x35,0x78,0x90,0xc2,0x2e,0x3b,0x8a,0x61, 0x41,0x47,0xd6,0xd0,0xff,0x92,0x72,0x3d,0xc6,0x16,0x2b,0xd8,0xb5,0xd9,0x12,0x85
Using the AesCryptoServiceProvider produces an encrypted value of: 0x8d,0x9f,0x6e,0x99,0xe9,0x54,0x8b,0x12,0xa9,0x88,0x1a,0x3d,0x65,0x23,0x9c,0x4e, 0x18,0x5a,0x89,0x31,0xf5,0x75,0xc5,0x9e,0x0d,0x43,0xe9,0x86,0xd4,0xf3,0x64,0x3a
Here is the code I used to generate these results
public partial class AesTest
{
private SymmetricAlgorithm mEncryptionType;
private byte[] mPrivateKey;
private byte[] mInitializationVector;
private byte[] mData;
public AesTest()
{
mPrivateKey = new byte[32]
{
0x22, 0x22, 0x22, 0x22,
0x22, 0x22, 0x22, 0x22,
0x22, 0x22, 0x22, 0x22,
0x22, 0x22, 0x22, 0x22,
0x22, 0x22, 0x22, 0x22,
0x22, 0x22, 0x22, 0x22,
0x22, 0x22, 0x22, 0x22,
0x22, 0x22, 0x22, 0x22
};
mInitializationVector = new byte[16]
{
0x33, 0x33, 0x33, 0x33,
0x33, 0x33, 0x33, 0x33,
0x33, 0x33, 0x33, 0x33,
0x33, 0x33, 0x33, 0x33
};
mData = new byte[16]
{
0x44, 0x44, 0x44, 0x44,
0x44, 0x44, 0x44, 0x44,
0x44, 0x44, 0x44, 0x44,
0x44, 0x44, 0x44, 0x44
};
mEncryptionType = new RijndaelManaged();
mEncryptionType.Mode = CipherMode.CFB;
mEncryptionType.Padding = PaddingMode.PKCS7;
mEncryptionType.BlockSize = 128;
mEncryptionType.KeySize = 256;
byte[] rij_encrypted_data = Encrypt(mData);
mEncryptionType = new AesCryptoServiceProvider();
mEncryptionType.Mode = CipherMode.CFB;
mEncryptionType.Padding = PaddingMode.PKCS7;
mEncryptionType.BlockSize = 128;
mEncryptionType.KeySize = 256;
byte[] aes_encrypted_data = Encrypt(mData);
}
public virtual byte[] Encrypt(byte[] unencryptedData)
{
return TransformData(unencryptedData, mEncryptionType.CreateEncryptor(mPrivateKey, mInitializationVector));
}
private byte[] TransformData(byte[] dataToTransform, ICryptoTransform cryptoTransform)
{
byte[] result = new byte[0];
if (dataToTransform != null && cryptoTransform != null && dataToTransform.Length > 0)
{
// Create the memory stream to store the results
MemoryStream mem_stream = new MemoryStream();
// Create the crypto stream to do the transformation
CryptoStream crypto_stream = new CryptoStream(mem_stream, cryptoTransform, CryptoStreamMode.Write);
// bytes are transformed on a write
crypto_stream.Write(dataToTransform, 0, dataToTransform.Length);
// Flush the final block
crypto_stream.FlushFinalBlock();
// Convert the transformed memory stream back to a byte array
result = mem_stream.ToArray();
// Close the streams
mem_stream.Close();
crypto_stream.Close();
}
return result;
}
}
I guess I'm just wondering if I missed something.
Update: Turns out that AesManaged will throw a CryptographicException ("The specified cipher mode is not valid for this algorithm") if you try and set the CipherMode to CFB. I feel that the AesCryptoServiceProvider should do that same, but it doesnt. Seems funny that the FIPS Certified class allows invalid cipher modes.
Solution
Response from Microsoft:
RijndaelManaged class and
AesCryptoServiceProvider class are two
different implementations.
RijndaelManaged class is a kind of
implementation of Rijndael algorithm
in .net framework, which was not
validated under NIST (National
Institute of Standards and Technology)
Cryptographic Module Validation
Program (CMVP).
However,
AesCryptoServiceProvider class calls
the Windows Crypto API, which uses
RSAENH.DLL, and has been validated by
NIST in CMVP. Although Rijndael
algorithm was the winner of the NIST
competition to select the algorithm
that would become AES, there are some
differences between Rijndael and
official AES. Therefore,
RijndaelManaged class and
AesCryptoServiceProvider class have
subtle differences on implementation.
In addition, RijndaelManaged class
cannot provide an equivalent
implementation with AES. There is
another class implemented in .net
framework, AesManaged class. This
class just wrapped RijndaelManaged
class with a fixed block size and
iteration count to achieve the AES
standard. However, it does not support
the feedback size, especially, when
the mode is set as CFB or OFB, the
CryptographicException will be thrown.
For more information, please refer to the following MSDN documents.
AesManaged Class and AesManaged.Mode Property
If you want to pick up standard AES as
security algorithm in your
application, we recommend using the
AesCryptoServiceProvider class. If you
want to mix the RijndaelManged class
and AesCryptoServiceProvider class in
your application, we suggest using CBC
mode instead of CFB mode in your
program, since the implementation of
the CBC mode in both classes is the
same.
OTHER TIPS
I think it has to do with the CipherMode.CFB. See this post describing AesManaged:
AesManaged is actually just a wrapper around RinjdaelManaged with some code added to make sure that you do not setup the algorithm to operate in a non-AES compatible way. For instance, AesManaged does not allow you to change the block size. (It will also disallow the use of CFB and OFB mode because of the way that RijndaelManaged works with those modes).
Note that if you use CipherMode.ECB or CipherMode.CBC, you'll see identical results. Any reason why you need CFB and not CBC?
Addition information from this post says:
Essentially, if you want to use RijndaelManaged as AES you need to make sure that:
1) The block size is set to 128 bits
2) You are not using CFB mode, or if you are the feedback size is also 128 bits
Ok, great. I added mEncryptionType.FeedbackSize = 128; to my above example and I get an CryptographicExecption:
System.Security.Cryptography.CryptographicException was unhandled
Message="Bad Data.\r\n"
Source="System.Core"
StackTrace:
at System.Security.Cryptography.CapiNative.SetKeyParameter(SafeCapiKeyHandle key, KeyParameter parameter, Byte[] value)
at System.Security.Cryptography.CapiNative.SetKeyParameter(SafeCapiKeyHandle key, KeyParameter parameter, Int32 value)
at System.Security.Cryptography.CapiSymmetricAlgorithm.SetupKey(SafeCapiKeyHandle key, Byte[] iv, CipherMode cipherMode, Int32 feedbackSize)
at System.Security.Cryptography.CapiSymmetricAlgorithm..ctor(Int32 blockSize, Int32 feedbackSize, SafeCspHandle provider, SafeCapiKeyHandle key, Byte[] iv, CipherMode cipherMode, PaddingMode paddingMode, EncryptionMode encryptionMode)
at System.Security.Cryptography.AesCryptoServiceProvider.CreateEncryptor(SafeCapiKeyHandle key, Byte[] iv)
at System.Security.Cryptography.AesCryptoServiceProvider.CreateEncryptor(Byte[] key, Byte[] iv)
at AESTest.Form1.Encrypt(Byte[] unencryptedData) in C:\Documents and Settings\nschoonmaker\My Documents\Visual Studio 2005\Projects\AESTest\AESTest\Form1.cs:line 79
at AESTest.Form1..ctor() in C:\Documents and Settings\nschoonmaker\My Documents\Visual Studio 2005\Projects\AESTest\AESTest\Form1.cs:line 73
at AESTest.Program.Main() in C:\Documents and Settings\nschoonmaker\My Documents\Visual Studio 2005\Projects\AESTest\AESTest\Program.cs:line 17
Is there something wrong with the System.Core dll that wouldnt support this, or do I need to change something else?
On a side note, if I change the FeedbackSize to 8 for both, its seems to work! Even for CFB mode. So I guess my next question is, how do I get 128 to work (and hopefully this will put an end to this question)?
