Reputation: 51
Encryption using AES_* functions and EVP_* functions
I have some data that was encrypted using the openssl (AES_*) functions. I want update this code to use the newer (EVP_*) functions. But should be able to decrypt data that was encrypted using the old code.
I've pasted below both the old and the new code. The encrypted/decrypted contents are different. i.e. I can't use them interchangeably. This means I can't upgrade the code without having to decrypt using the old code and then re-encrypt.
Are there any values for the parameters to EVP_BytesToKey so that aes_key derived is the same in both cases. Or is there any other way to accomplish the same using the (EVP_*) functions? I've tried several different values for digest, rounds and tried making iv NULL, but didn't really work i.e. it doesn't provide the same output as the old method.
The code using the AES_* functions
#include <stdio.h>
#include <openssl/aes.h>
#include <print_util.h>
static const unsigned char user_key[] = {
0x00, 0x01, 0x02, 0x03,
0x10, 0x11, 0x12, 0x13,
0x20, 0x21, 0x22, 0x23,
0x30, 0x31, 0x32, 0x33
};
int main()
{
unsigned char p_text[]="plain text";
unsigned char c_text[16];
unsigned char d_text[16];
AES_KEY aes_key;
AES_set_encrypt_key(user_key, 128, &aes_key);
AES_encrypt(p_text, c_text, &aes_key);
printf("plain text = %s\n", p_text);
printbuf((char*)c_text, 16, "cipher text = ");
AES_set_decrypt_key(user_key, 128, &aes_key);
AES_decrypt(c_text, d_text, &aes_key);
printf("plain text (decrypted) = %s \n", d_text);
return 0;
}
The code using the EVP_* functions. (Encryption code is below and the decryption code is similar).
#include <strings.h>
#include <openssl/evp.h>
#include <print_util.h>
static const unsigned char user_key[16] = {
0x00, 0x01, 0x02, 0x03,
0x10, 0x11, 0x12, 0x13,
0x20, 0x21, 0x22, 0x23,
0x30, 0x31, 0x32, 0x33
};
int main()
{
EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX*)malloc(sizeof(EVP_CIPHER_CTX));
EVP_CIPHER_CTX_init(ctx);
const EVP_CIPHER *cipher = EVP_aes_128_ecb(); // key size 128, mode ecb
const EVP_MD *digest = EVP_md5();
int rounds = 10;
unsigned char aes_key[EVP_MAX_KEY_LENGTH];
unsigned char aes_iv[EVP_MAX_IV_LENGTH];
EVP_BytesToKey(cipher, digest, NULL, user_key, 16, rounds, aes_key, aes_iv);
EVP_EncryptInit(ctx, cipher, aes_key, aes_iv);
unsigned char p_text[]="plain text"; int p_len = sizeof(p_text);
unsigned char c_text[16]; int c_len = 16;
int t_len;
EVP_EncryptUpdate(ctx, c_text, &c_len, p_text, p_len);
EVP_EncryptFinal(ctx, (c_text + c_len), &t_len);
c_len += t_len;
printf("==> p_text: %s\n", p_text);
printbuf((char*)c_text, c_len, "==> c_text:");
}
Thanks
Upvotes: 1
Views: 1116
Answers (1)
Reputation: 93948
You don't have any key derivation in your AES_* code, so you should not use any key derivation such as EVP_BytesToKey in your new EVP_ code if you want to stay fully compatible.
And no, there is no way to make EVP_BytesToKey output the same key as above, because a cryptographic hash is used to generate the output.
Upvotes: 2
Related Questions
- AES-256 encryption/decryption
- OpenSSL RSA Encryption/Decryption with EVP Methods
- In place encryption/decryption using EVP_*
- How to decrypt using openssl EVP?
- EVP Asymmetric Encryption and Decryption of an Envelope on C
- Openssl EVP encryption and decryption from a file
- Working with EVP and OpenSSL, coding in C
- OpenSSL AES 256 CBC via EVP api in C
- OpenSSL EVP AES/DES Encryption Implementation
- QT C++ - OpenSSL AES - EVP.h