[openssl-users] AES encrypt expanded key is different with no-asm

Hemant Ranvir hemantranvir at gmail.com
Mon Dec 10 10:30:05 UTC 2018


Dear all,
    After extracting openssl-1.1.1.tar.gz, openssl can be configured
without asm by passing no-asm flag during config command.

    The expanded key can be obtained like follows:
//Getting expanded key from inside openssl
//Copied from crypto/evp/e_aes.c
typedef struct {
    union {
        double align;
        AES_KEY ks;
    } ks;
    block128_f block;
    union {
        cbc128_f cbc;
        ctr128_f ctr;
    } stream;
} EVP_AES_KEY;

  EVP_CIPHER_CTX *cipher_ctx = ssl->enc_write_ctx;
  EVP_AES_KEY * cipher_data = EVP_CIPHER_CTX_get_cipher_data(cipher_ctx);
  printf("Encrypted Expanded Key is : ");

for(i=0;i<((cipher_ctx->cipher->key_len)/sizeof(cipher_data->ks.ks.rd_key[0])*11);i++)
{
      printf("%08x", cipher_data->ks.ks.rd_key[i]);
  }
  printf("\n");

 To get the 128 bit encrypted key :
unsigned char* key = unsigned char* malloc(16);
    int i;
    for (i=0; i<4; i++) {
        key[4*i]   = cipher_data->ks.ks.rd_key[i] >> 24;
        key[4*i+1] = cipher_data->ks.ks.rd_key[i] >> 16;
        key[4*i+2] = cipher_data->ks.ks.rd_key[i] >> 8;
        key[4*i+3] = cipher_data->ks.ks.rd_key[i];
    }

I am using this 128 bit key and using it in *Rijndael* Key Schedule
function to get the expanded key. The expanded key will be 128*11 bit long.
This expanded key is equal to the expanded key obtained from accessing
structures inside openssl(shown in section "Getting expanded key from
inside openssl" ) which is expected.

Now if I configure openssl without no-asm flag and get the expanded key
from inside openssl and compare it with the expanded key calculated using
the function I wrote. They are not equal. As far as I know there is only
one way to calculate expanded key. I have even checked whether the expanded
key inside openssl is inverse cipher expanded key but yet it is different.
Can someone point me in the right direction.
Thanks!

-- 
Best Regards,
Hemant Ranvir

*"To live a creative life, we must lose our fear of being wrong.**" -
J.C.Pearce*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20181210/e6e179e0/attachment.html>


More information about the openssl-users mailing list