Wrong ciphertext length in c libgcrypt

Question

So, i am trying to encrypt and decrypt a string, using libgcrypt library (version 1.8.7) on arch and at this moment i have tried 2 modes: CBC and GCM (not sure about GCM, so let's solve the CBC first), but the same problem appears.

I padd the string and then, encrypt it block by block. Sometimes, this happens chaotically by the way, the gcry_cipher_encrypt function returns wrong amount of bytes (5, 7, 11...), but if i understood correctly, the output should be 16 bytes (128 bits). The same thing happens with decryption, that i do the exact same way, block by block. I'm using the same GCRY handler with through out the encryption or decryption process and it feels like i'm really missing something... Here is an example, only encryption in CBC mode, to make it easier to find the problem.

Code:

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <gcrypt.h>

// Define cipher details
#define GCRY_CIPHER GCRY_CIPHER_AES256
#define GCRY_C_MODE GCRY_CIPHER_MODE_CBC


char * encrypt_block(gcry_cipher_hd_t handler, unsigned char * key, unsigned char * input) {
    size_t key_length = 32;
    size_t blk_length = 16;

    // Encryption result variable
    unsigned char * enc = (char *) calloc(16, sizeof(char));

    // Error variable
    gcry_error_t err = 0;

    // Set key
    err = gcry_cipher_setkey(handler, key, key_length);

    if (err) {
        printf("Couldn't set the key!\n%s\n%s\n", gcry_strsource(err), gcry_strerror(err));
        exit(-1);
    }

    // Start encryption process
    err = gcry_cipher_encrypt(handler, enc, blk_length, input, blk_length);
    
    if (err) {
        printf("Couldn't encrypt!\n%s\n%s\n", gcry_strsource(err), gcry_strerror(err));
        exit(-1); 
    }

    if (strlen(enc) != 16) {
        printf("\n\nCORRUPTED BLOCK!\n\n");
    }

    // Printing the block result
    printf("\nENC BLOCK:\t%d\t", strlen(enc));
    for (unsigned short int i = 0; i < strlen(enc); ++i) {
        printf("%X ", enc[i]);
    }
    printf("\n");

    return enc;
}


int main() {
    // Creating basic variables
    unsigned char * input = (char *) calloc(2048, sizeof(char));
    unsigned char * key   = (char *) calloc(32, sizeof(char));
    unsigned char * iv    = (char *) calloc(16, sizeof(char));

    // Taking user input
    printf("Input (2048 max): ");
    scanf(" %[^\n]", input);

    printf("Key (32 max): ");
    scanf(" %[^\n]", key);

    printf("RAW DATA:\n\tinput:  %d\t%s\n\tkey:    %d\t%s\n\n", strlen(input), input, strlen(key), key);

    // Create GCRY handler
    gcry_cipher_hd_t handler;
    gcry_error_t err = 0;

    // Initialize cipher handler
    err = gcry_cipher_open(&handler, GCRY_CIPHER, GCRY_C_MODE, 0);

    if (err) {
        printf("Couldn't initialize the cipher!\n%s\n%s\n", gcry_strsource(err), gcry_strerror(err));
        exit(-1);
    }

    // Add padding to the input
    if ((strlen(input) % 16) != 0) {
        for (unsigned short int i = 0; i < (((strlen(input) / 16) * 16) - strlen(input)); ++i) {
            strcat(input, "X");
        }
    }

    // Add padding to the key
    if (strlen(key) < 32) {
        for (unsigned short int i = strlen(key); i < 32; ++i) {
            key[i] = 0x0058;
        }
    }

    // Generate random IV
    char charset[] = "abcdefghijklmnopqrstuvwxyz0123456789";
    unsigned short int iv_size = 16;
    
    for (unsigned short int i = 0; i < iv_size; ++i) {
        unsigned short int index = rand() % (unsigned short int) (sizeof charset - 1);
        iv[i] = charset[index];
    }

    // Set the IV
    err = gcry_cipher_setiv(handler, iv, 16);

    if (err) {
        printf("Couldn't set the IV!\n%s\n%s\n", gcry_strsource(err), gcry_strerror(err));
        exit(-1);
    }

    printf("ENC DATA:\n\tinput:  %d\t%s\n\tkey:    %d\t%s\n\tiv:     %d\t%s\n\n", strlen(input), input, strlen(key), key, strlen(iv), iv);

    // Create encryption variables
    unsigned char * input_buffer = (char *) calloc(16, sizeof(char));
    unsigned char * enc_buffer   = (char *) calloc(16, sizeof(char));
    unsigned char * out          = (char *) calloc(strlen(input), sizeof(char));

    // Start encryption process block by block
    for (unsigned short int i = 0; i < (strlen(input) / 16); ++i) {
        // Create a new block
        for (unsigned short int j = 0; j < 16; ++j) {
            input_buffer[j] = input[(i * 16) + j];
        }
        printf("\nENC INPUT:\t%d\t%s\n", strlen(input_buffer), input_buffer);
        
        // Check if this is a final round
        if (i == ((strlen(input) / 16) - 1)) {
            err = gcry_cipher_final(handler);
        }
        
        // Start encrypting the block
        enc_buffer = encrypt_block(handler, key, input_buffer);

        // Adding up the block to the out result
        strcat(out, enc_buffer);

        memset(input_buffer, 0, 16);
        memset(enc_buffer, 0, 16);
    }

    // Print the encryption result
    printf("\n\nENC RESULT:\n\t%d\n\t", strlen(out));
    for (unsigned short int i = 0; i < strlen(out); ++i) {
        printf("%X ", out[i]);
    }
    printf("\n");

    gcry_cipher_close(handler);
}

Output:

Input (2048 max): This string is made for testing the program
Key (32 max): hey my password
RAW DATA:
    input:  43  This string is made for testing the program
    key:    15  hey my password

ENC DATA:
    input:  48  This string is made for testing the programXXXXX
    key:    32  hey my passwordXXXXXXXXXXXXXXXXX
    iv:     16  t8jhfhkm7bo5ohxw


ENC INPUT:  16  This string is m

ENC BLOCK:  16  2 BF AA A0 1 7C A8 77 DA 4A 5A 72 29 EB FA F6 

ENC INPUT:  16  ade for testing 

ENC BLOCK:  16  41 BA CE 61 8A E3 F4 89 8A 46 50 2 47 5 11 A4 

ENC INPUT:  16  the programXXXXX


CORRUPTED BLOCK!


ENC BLOCK:  12  AE D6 92 D2 5A AF 85 CB 57 2 1B 93 


ENC RESULT:
    44
    2 BF AA A0 1 7C A8 77 DA 4A 5A 72 29 EB FA F6 41 BA CE 61 8A E3 F4 89 8A 46 50 2 47 5 11 A4 AE D6 92 D2 5A AF 85 CB 57 2 1B 93 

I am really sorry for this mess, it's just me going crazy at this point, it seems like the solution is so simple, but i just can't get it.

Answer 1

strlen does not tell you anything about your output buffer's length. Your output buffer is, in fact, always the same length. There's no need to test its length because libgcrypt has no way of modifying its length.

If you want to understand why strlen is returning "chaotic" values, you need to understand what strlen is intended to do. strlen is intended to operate on a C-style (null-terminated) string, not on arbitrary bytes. Strings in C are stored as arrays of characters ending with a '\0' (0x00) character. This is the null terminator. This is how the length of C-strings can be determined.

// example implementation to explicate the concept
size_t strlen(const char *s) {
    size_t i = 0;
    while (s[i] != '\0')
        ++i;
    return i;
}

When you apply strlen to arbitrary bytes, the results are nonsensical. It is perfectly possible for your binary ciphertext to contain the byte 0x00 anywhere. It could appear at the beginning or anywhere in the middle. It could appear several times. Or it could never appear, in which case you would get a fatal segmentation fault. Wherever 0x00 happens to first appear in your ciphertext, that will be where strlen assumes it ends. The behavior appears "chaotic" because encryption produces random-seeming data, so the distribution of 0x00 within that data is also random-seeming.

PS: You don't need to reset the key every time you encrypt a block.