[openssl-users] OpenSSL AES encryption using AES_* functions and EVP_* functions
Purushotham Nayak
nayak_purushotham at yahoo.com
Wed Dec 31 17:21:43 UTC 2014
I have some data that was encrypted using the openssl (`AES_*`) functions. I want update this code to use the newer (EVP_*) functions which are FIPS compliant. But I should be able to decrypt data that was encrypted using the old code.
I've pasted below both the old and the new code. The encrypted/decrypted contents are different. i.e. I can't use them interchangeably. This means I can't upgrade the code without having to decrypt using the old code and then re-encrypt.
Are there any values for the parameters to EVP_BytesToKey so that aes_key derived is the same in both cases. Or is there any other way to accomplish the same using the (EVP_*) functions? I've tried several different values for `digest`, `rounds` and tried making IV NULL, but didn't really work i.e. it doesn't provide the same output as the old method. What algorithm is being used in AES_set_encrypt/decrypt_key function?
The code using the `AES_*` functions
#include <stdio.h> #include <openssl/aes.h> #include <print_util.h> static const unsigned char user_key[] = { 0x00, 0x01, 0x02, 0x03, 0x10, 0x11, 0x12, 0x13, 0x20, 0x21, 0x22, 0x23, 0x30, 0x31, 0x32, 0x33 }; int main() { unsigned char p_text[]="plain text"; unsigned char c_text[16]; unsigned char d_text[16]; AES_KEY aes_key; AES_set_encrypt_key(user_key, 128, &aes_key); AES_encrypt(p_text, c_text, &aes_key); printf("plain text = %s\n", p_text); printbuf((char*)c_text, 16, "cipher text = "); AES_set_decrypt_key(user_key, 128, &aes_key); AES_decrypt(c_text, d_text, &aes_key); printf("plain text (decrypted) = %s \n", d_text); return 0; }
The code using the `EVP_*` functions. (Encryption code is below and the decryption code is similar).
#include <strings.h> #include <openssl/evp.h> #include <print_util.h> static const unsigned char user_key[16] = { 0x00, 0x01, 0x02, 0x03, 0x10, 0x11, 0x12, 0x13, 0x20, 0x21, 0x22, 0x23, 0x30, 0x31, 0x32, 0x33 }; int main() { EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX*)malloc(sizeof(EVP_CIPHER_CTX)); EVP_CIPHER_CTX_init(ctx); const EVP_CIPHER *cipher = EVP_aes_128_ecb(); // key size 128, mode ecb (not FIPS compliant?) const EVP_MD *digest = EVP_md5(); int rounds = 10; unsigned char aes_key[EVP_MAX_KEY_LENGTH]; unsigned char aes_iv[EVP_MAX_IV_LENGTH]; EVP_BytesToKey(cipher, digest, NULL, user_key, 16, rounds, aes_key, aes_iv); EVP_EncryptInit(ctx, cipher, aes_key, aes_iv); unsigned char p_text[]="plain text"; int p_len = sizeof(p_text); unsigned char c_text[16]; int c_len = 16; int t_len; EVP_EncryptUpdate(ctx, c_text, &c_len, p_text, p_len); EVP_EncryptFinal(ctx, (c_text + c_len), &t_len); c_len += t_len; printf("==> p_text: %s\n", p_text); printbuf((char*)c_text, c_len, "==> c_text:"); }
Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.opensslfoundation.net/pipermail/openssl-users/attachments/20141231/0132282b/attachment.html>
More information about the openssl-users
mailing list