Pycrypto: Incrementing CTR Mode

Still can't quite get this to work. My question is about how to make the decryption line work. Here is what I have written:

class IVCounter(object):
    @staticmethod
    def incrIV(self):
        temp = hex(int(self, 16)+1)[2:34]
        return array.array('B', temp.decode("hex")).tostring()


def decryptCTR(key, ciphertext):

    iv = ciphertext[:32] #extracts the first 32 characters of the ciphertext

    #convert the key into a 16 byte string
    key = array.array('B', key.decode("hex")).tostring()

    print AES.new(key, AES.MODE_CTR, counter=IVCounter.incrIV(iv)).decrypt(ciphertext)
    return

My error message is:

ValueError: 'counter' parameter must be a callable object

I just can't figure out how pycrypto wants me to organize that third argument to new.

Can anyone help? Thanks!

EDIT New code after implementing the suggestions below. Still stuck!

class IVCounter(object):
    def __init__(self, start=1L):
        print start #outputs the number 1 (not my IV as hoped)
        self.value = long(start)

   def __call__(self):
        print self.value  #outputs 1 - need this to be my iv in long int form
        print self.value + 1L  #outputs 2
        self.value += 1L
        return somehow_convert_this_to_a_bitstring(self.value) #to be written

def decryptCTR(key, ciphertext):

    iv = ciphertext[:32] #extracts the first 32 characters of the ciphertext
    iv = int(iv, 16)

    #convert the key into a 16 byte string
    key = array.array('B', key.decode("hex")).tostring()

    ctr = IVCounter()
    Crypto.Util.Counter.new(128, initial_value = iv)

    print AES.new(key, AES.MODE_CTR, counter=ctr).decrypt(ciphertext)
    return

EDIT STILL can't get this to work. very frustrated and completely out of ideas. Here is the latest code: (please note that my input strings are 32-bit hex strings that must be interpreted in two-digit pairs to convert to long integers.)

class IVCounter(object):
    def __init__(self, start=1L):
        self.value = long(start)

    def __call__(self):
        self.value += 1L
        return hex(self.value)[2:34]

def decryptCTR(key, ciphertext):
    iv = ciphertext[:32] #extracts the first 32 characters of the ciphertext
    iv = array.array('B', iv.decode("hex")).tostring()

    ciphertext = ciphertext[32:]

    #convert the key into a 16 byte string
    key = array.array('B', key.decode("hex")).tostring()

    #ctr = IVCounter(long(iv))
    ctr = Crypto.Util.Counter.new(16, iv)

    print AES.new(key, AES.MODE_CTR, counter=ctr).decrypt(ciphertext)
    return

TypeError: CTR counter function returned string not of length 16

Thanks a million for this. What I don't understand is how any of this can increment the IV when nowhere in this code is the IV ever passed as an argument to the class??? As I read this, coming from more of a C++ background, the variable 'self' is what appears to get incremented. But how do I set 'self' equal to my iv string in the first place? I need to increment MY iv - not something random or arbitrary. I just don't see how to connect these dots. Sorry if I am begin dense, but can you explain how this increments MY iv??? I appreciate your help!

Sure thing. With CTR mode, the initialization vector is simply the initial value of the counter. If you want to pass a specific IV to the counter you're creating, you need only do ctr = Crypto.Util.Counter.new(NUM_COUNTER_BITS, initial_value = 90000001L), where initial_value is your IV in long-integer form. The reason why we consider 'ctr' to be a stateful function is because it stores its own counter internally. Every time ctr() is called, its internal counter increments by one. So by initializing this function with the IV you need, you are then incrementing 'your' IV.

In case you're looking at my example and not quite understanding it, the callable object (think of it as a C++ functor) can take an argument 'start' when initialized; then, its own internal counter gets set to whatever you want. Every time you call that particular instance of IVCounter, its own internal counter (which you initialized) gets incremented. You could in principle have multiple instances of IVCounter defined, all mutually independent.

I'm going nuts. I can't get that 'my' iv value into this object no matter what I do. I've edited my code so you can see the problem. I've modified things so that when I instantiate my object, I try to pass the iv. But I still don't understand how this argument is received in the init method. My code sets the start value at 1L, and I don't know how to change it to the iv. Thanks for all of your help. I think that I'm almost there if your willing to stick with me a little while longer. Thank you!

Sure thing @usr55410. Two problems with your current code: you don't use the variable iv after you've initialized it; if you're using my IVCounter, you want to say ctr = IVCounter(long(iv)), or similar, to set the counter's initial state. If you're using Crypto.Util.Counter (preferred for speed), you want to say ctr = Crypto.Util.Counter.new(256, long(iv)). The second problem (which the preceding also solves) is that Crypto.Util.Counter.new returns a function, which you don't assign anywhere.

Additionally, be careful of another thing: PyCrypto's encryption routines expect (and return) bytestrings, which are most certainly not remotely legible while in encrypted form. You'll need to figure out how to convert strings to and from their hexadecimal representation; it's not a hard problem, solved e.g. at stackoverflow.com/questions/2340319. And one last thing: since you typically want IVs to be long (much longer than int can usually provide), you'll want to declare iv with long() instead of int().

This isn't working. No matter what I do, I get an error that says "TypeError: CTR counter function returned string not of length 16". I've tried everything. I'm so frustrated I want to send my computer through the window. I'll post the latest version above if you still are willing to help me. Sorry for being an idiot. Thanks.

@usr55410 Did I say Crypto.Util.Counter.new(256, ...) earlier? My mistake. The correct function call is Crypto.Util.Counter.new(128, initial_value = long(iv.encode("hex"), 16). Try that instead; I've updated my answer with an example that should work.

Thanks for the correction. That allows the program to run to completion. Unfortunately, my ciphertext doesn't decrypt correctly, but that seems to be a different issue. I'll think about that some more and re-post as a different question if I get stuck again. I can't tell you how much I appreciate your help. Thanks a lot!

One more thing (actually two questions about the example you posted). 1) are your key and iv strings interpreted as single digits or as hex pairs (e.g. 0x0, 0x1, ... or as 0x01, 0x23, ...). This makes a big difference in how I need to work with my strings, which are of the latter variety. 2) Why can't I add two lines onto the end of your example to decode back to the plaintext? Specifically a) ciphertext = cipher.encrypt(plaintext) and b) print cipher.decrypt(ciphertext). All I get is gibberish when I do this, but I would have expected "Attack at dawn". Thanks!

1: My key string is binary data; my IV string is a hexstring (e.g. baadf00d). 2: You need to reset the counter before decrypting, i.e. create a new counter with the same IV, then create a new cipher context using the new counter, and use that to decrypt.

let us continue this discussion in chat