[openssl-users] AES-128-CFB1 encrypt

Marcus Vinicius do Nascimento m.vinicius at samsung.com
Tue May 19 19:56:31 UTC 2015



I'm trying to use the CFB1 mode for AES-128.

However I'm having a bit of trouble interpreting the encrypt output.


I believe the EVP_EnvryptUpdate should get the data length in BITS (other
algorithms it should use in bytes). Is it correct?

How can I interpret the output correctly?


I got my testing data from the FIPS140 test vectors.


Here is a quick code snippet to illustrate it:


#include <openssl/evp.h>

#include <string.h>


int main() {

                unsigned char outbuf[1024];

                int outlen, tmplen;


                // From FIPS 140 test vectors (CFB1MCT128.rsp):

                //   COUNT = 0

                //   KEY = 6f219ca589944101d9b8d1997ec7f384

                //   IV = 00179d5c1f0436af09de22c09825b02d

                //   PLAINTEXT = 0

                //   CIPHERTEXT = 0

                unsigned char key[] = {0x6f, 0x21, 0x9c, 0xa5, 0x89, 0x94,
0x41, 0x01, 0xd9, 0xb8, 0xd1, 0x99, 0x7e, 0xc7, 0xf3, 0x84};

                unsigned char iv[] = {0x00, 0x17, 0x9d, 0x5c, 0x1f, 0x04,
0x36, 0xaf, 0x09, 0xde, 0x22, 0xc0, 0x98, 0x25, 0xb0, 0x2d};

                unsigned char intext[] = {0x00};


                EVP_CIPHER_CTX ctx;


                EVP_EncryptInit_ex(&ctx, EVP_aes_128_cfb1(), NULL, key, iv);


                // EVP_EnvryptUpdate expects the number of bits or bytes in
CFB1 mode?

                int datalen = 1; 


                if (!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext,
datalen)) return 1;

                if (!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen))
return 1;

                outlen += tmplen;



                for (int ii = 0; ii < outlen; ++ii) printf("%02x",



                // outbuf should contain CIPHERTEXT. However, it contains
one single byte: 0x47 (71 decimal).


                return 0;



Thanks very much.




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150519/85e78f02/attachment.html>

More information about the openssl-users mailing list