[openssl-users] GCM
Amir Reda
amiralex32 at gmail.com
Fri Jan 9 19:42:30 UTC 2015
dear all
i'm trying to use AES-GCM model for encryption i use a sample code for that
and my problem is
ret = EVP_DecryptFinal_ex(ctx, plaintext + len, &len);
ret all the time is 0 this means that
the plaintext is not trustworthy.
encryption function
int
Server::AuthenticationEncryption(unsigned char plaintext[], int ptextsize,
unsigned char aad[], int aadlen, unsigned char key[],int keysize,
unsigned char iv[],int ivsize, unsigned char ciphertext[], unsigned
char tag[])
{
int len;
int ciphertext_len;
EVP_CIPHER_CTX *ctx;
ctx = EVP_CIPHER_CTX_new();
//Initialize the encryption operation
if (1 == EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
{
cout<<"success inttialize"<<endl;
}
else
{
cout<<"something wrong"<<endl;
}
//Set IV length should be more than 12 byte or 96 bit normally 16
if (1 == EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, ivsize,
NULL))
{
cout<<"success adding iv"<<endl;
}
else
{
cout<<"something wrong"<<endl;
}
//Initialize key and IV
if (1 == EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
{
cout<<"success initialize key and iv "<<endl;
}
else
{
cout<<"something wrong"<<endl;
}
//add AAD data
if (1 == EVP_EncryptUpdate(ctx, NULL, &len, aad, aadlen))
{
cout<<"success adding AAD"<<endl;
}
else
{
cout<<"something wrong"<<endl;
}
//encrypt the message
if (1 == EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext,
ptextsize))
{
cout<<"success encryption"<<endl;
ciphertext_len = len;
}
else
{
cout<<"something wrong"<<endl;
}
//finalize the encryption
if (1 == EVP_EncryptFinal_ex(ctx, ciphertext + len, &len))
{
cout<<"success final encryption"<<endl;
ciphertext_len += len;
cout<<"cipher length is "<<ciphertext_len<<endl;
}
else
{
cout<<"something wrong"<<endl;
}
//get the tag
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag);
return ciphertext_len;
}
decryption function
int
Server::AuthenticationDecryption(unsigned char ciphertext[], int ctextsize,
unsigned char aad[], int aadlen, unsigned char tag[],
unsigned char key[], int keysize, unsigned char iv[], int ivsize,
unsigned char plaintext[])
{
int len;
int plaintext_len;
EVP_CIPHER_CTX *ctx;
ctx = EVP_CIPHER_CTX_new();
//Initialize the encryption operation
if (1 == EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
{
cout<<"success initialize"<<endl;
}
else
{
cout<<"something wrong"<<endl;
}
//Set IV length should be more than 12 byte or 96 bit normally 16
if (1 == EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, ivsize, NULL))
{
cout<<"success adding iv"<<endl;
}
else
{
cout<<"something wrong"<<endl;
}
//Initialize key and IV
if (1 == EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv))
{
cout<<"success adding key and iv"<<endl;
}
else
{
cout<<"something wrong"<<endl;
}
//add AAD data
if (1 == EVP_DecryptUpdate(ctx, NULL, &len, aad, aadlen))
{
cout<<"success adding AAD"<<endl;
}
else
{
cout<<"something wrong"<<endl;
}
//Decrypt the message
if (1 == EVP_DecryptUpdate(ctx, plaintext, &len , ciphertext,
ctextsize))
{
cout<<"success decryption"<<endl;
plaintext_len = len;
}
else
{
cout<<"something wrong"<<endl;
}
//add the tag
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag))
{
cout<<"success adding tag"<<endl;
}
else
{
cout<<"something wrong"<<endl;
}
//finalize the Decryption
int ret = 1;
ret = EVP_DecryptFinal_ex(ctx, plaintext + len, &len);
cout<<" ret value is "<<ret<<endl;
if (ret > 0)
{
cout<<"success final decryption"<<endl;
plaintext_len += len;
cout<<"palin text is "<<plaintext_len<<endl;
return plaintext_len;
}
else
{
cout<<"decrypt fail"<<endl;
return -1;
}
return ret;
}
and in main () i use that
unsigned char plaintext[120] =
{'f','a','3','1','3','2','2','5','f','8','8','4','0','6','e','5','a','5','5','9','0','9','c','5','a','f','f','5','2','6','9','a','8','6','a','7','a','9','5','3','1','5','3','4','f','7','d','a','2','e','4','c','3','0','3','d','8','a','3','1','8','a','7','2','1','c','3','c','0','c','9','5','9','5','6','8','0','9','5','3','2','f','c','f','0','e','2','4','4','9','a','6','b','5','2','5','b','1','6','a','e','d','f','5','a','a','0','d','e','6','5','7','b','a','6','3','7','b','3','9'};
unsigned char key [32] =
{'f','e','f','f','e',9,9,2,8,6,6,5,7,3,1,'c',6,'d',6,'a',8,'f',9,4,6,7,3,0,8,3,0,8};
unsigned char aad[40] =
{'f','e','e','d','f','a','c','e','d','e','a','d','b','e','e','f','f','e','e','d','f','a','c','e','d','e','a','d','b','e','e','f','a','b','a','d','d','a','d',2};
unsigned char iv[120] =
{9,3,1,3,2,2,5,'d','f',8,8,4,0,6,'e',5,5,5,9,0,9,'c',5,'a','f','f',5,2,6,9,'a','a',6,'a',7,'a',9,5,3,8,5,3,4,'f',7,'d','a',1,'e',4,'c',3,0,3,'d',2,'a',3,1,8,'a',7,2,8,'c',3,'c',0,'c',9,5,1,5,6,8,0,9,5,3,9,'f','c','f',0,'e',2,4,2,9,'a',6,'b',5,2,5,4,1,6,'a','e','d','b','f',5,'a',0,'d','e',6,'a',5,7,'a',6,3,7,'b',3,9,'b'};
unsigned char cipher[120];
unsigned char tag[16];
unsigned char extractedpalintext[120];
int encryptionsize = 0;
encryptionsize =
servertest.AuthenticationEncryption(plaintext,120,aad,40,key,32,iv,120,cipher,tag);
//servertest.AuthenticationEncryption(NULL,0,NULL,0,key,48,iv,24,cipher,tag);
cout<<"size of encrypted data is "<<encryptionsize<<endl;
cout<<"cipher text is "<<endl;
for (int i = 0 ; i<120 ; i++)
{
printf("0x%.2x ", cipher[i]);
}
cout<<endl;
cout<<"tag is "<<endl;
for (int j = 0 ; j<16 ; j++)
{
printf("0x%.2x ", tag[j]);
}
cout<<endl;
servertest.AuthenticationDecryption(cipher,120,aad,40,tag,key,32,iv,120,extractedpalintext);
cout<<"extracted palin text is "<<endl;
for (int i = 0 ; i<120 ; i++)
{
printf("%c ", extractedpalintext[i]);
//cout<<extractedpalintext[i];
}
cout<<endl;
the encryption and decryption process are ok but i have a problem with
function
ret = EVP_DecryptFinal_ex(ctx, plaintext + len, &len);
all the time is 0 this means that
the plaintext is not trustworthy.
what i did wrong please guide me
--
Warmest regards and best wishes for a good health,*urs sincerely *
*mero*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150109/55757dac/attachment-0001.html>
More information about the openssl-users
mailing list