Reputation: 515
Error encrypting string with AES128 using OpenSSL in C++
I am having problems with the last characters of the encrypted message that I am generating with the OpenSSL library and the AES 128 algorithm in CBC mode, these are the data I am using:
Message in Hex = "7b22494443223a2232363930393439376434222c22444553223a2256656e74616d656e7564656f222c22414d4f223a3530302c22444154223a313530383233303035383730362c22524546223a302c22434f4d223a312c22545950223a31392c2276223a7b224e414d223a2252616661656c56616c656e7a75656c614172656e6173222c22414343223a2235383732313233343536373836303132222c2242414e223a34303132372c22545943223a332c22444556223a22353532373139323132382f30227d7da"
Key128 in Hex = "dadf11e74d014a62d73ccadd9591442a"
Initialization Vector in Hex = "cab9da8940cd7dc9510c7249fe47c6e6"
This is the Code I'm using:
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <unistd.h>
#include <math.h>
#include <assert.h>
#include <stdint.h>
#include <stdbool.h>
#include <sstream>
#include <iostream>
#include <algorithm>
#include <iomanip>
#include <locale>
#include <openssl/aes.h>
#include <openssl/des.h>
#include <openssl/sha.h>
#include <openssl/hmac.h>
using namespace std;
/* AES key for Encryption and Decryption */
const static unsigned char aes_key[16]={0xda, 0xdf, 0x11, 0xe7, 0x4d, 0x01, 0x4a, 0x62, 0xd7, 0x3c, 0xca, 0xdd, 0x95, 0x91, 0x44, 0x2a};
/* Print Encrypted and Decrypted data packets */
void print_data(const char *tittle, const void* data, int len)
{
printf("%s : ",tittle);
const unsigned char * p = (const unsigned char*)data;
int i = 0;
for (; i<len; ++i)
{
printf("%02X ", *p++);
}
printf("\n");
}
int main( )
{
/* Input data to encrypt */
unsigned char enc_out[235]={0x7b, 0x22, 0x49, 0x44, 0x43, 0x22, 0x3a, 0x22, 0x32, 0x36, 0x39, 0x30, 0x39, 0x34, 0x39, 0x37, 0x64, 0x34, 0x22, 0x2c, 0x22, 0x44, 0x45, 0x53, 0x22, 0x3a, 0x22, 0x56, 0x65, 0x6e, 0x74, 0x61, 0x6d, 0x65, 0x6e, 0x75, 0x64, 0x65, 0x6f, 0x22, 0x2c, 0x22, 0x41, 0x4d, 0x4f, 0x22, 0x3a, 0x35, 0x30, 0x30, 0x2c, 0x22, 0x44, 0x41, 0x54, 0x22, 0x3a, 0x31, 0x35, 0x30, 0x38, 0x32, 0x33, 0x30, 0x30, 0x35, 0x38, 0x37, 0x30, 0x36, 0x2c, 0x22, 0x52, 0x45, 0x46, 0x22, 0x3a, 0x30, 0x2c, 0x22, 0x43, 0x4f, 0x4d, 0x22, 0x3a, 0x31, 0x2c, 0x22, 0x54, 0x59, 0x50, 0x22, 0x3a, 0x31, 0x39, 0x2c, 0x22, 0x76, 0x22, 0x3a, 0x7b, 0x22, 0x4e, 0x41, 0x4d, 0x22, 0x3a, 0x22, 0x52, 0x61, 0x66, 0x61, 0x65, 0x6c, 0x56, 0x61, 0x6c, 0x65, 0x6e, 0x7a, 0x75, 0x65, 0x6c, 0x61, 0x41, 0x72, 0x65, 0x6e, 0x61, 0x73, 0x22, 0x2c, 0x22, 0x41, 0x43, 0x43, 0x22, 0x3a, 0x22, 0x35, 0x38, 0x37, 0x32, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x36, 0x30, 0x31, 0x32, 0x22, 0x2c, 0x22, 0x42, 0x41, 0x4e, 0x22, 0x3a, 0x34, 0x30, 0x31, 0x32, 0x37, 0x2c, 0x22, 0x54, 0x59, 0x43, 0x22, 0x3a, 0x33, 0x2c, 0x22, 0x44, 0x45, 0x56, 0x22, 0x3a, 0x22, 0x35, 0x35, 0x32, 0x37, 0x31, 0x39, 0x32, 0x31, 0x32, 0x38, 0x2f, 0x30, 0x22, 0x7d, 0x7d, 0xa};
/* Init vector */
unsigned char iv[16]={0xca, 0xb9, 0xda, 0x89, 0x40, 0xcd, 0x7d, 0xc9, 0x51, 0x0c, 0x72, 0x49, 0xfe, 0x47, 0xc6, 0xe6};
//memset(iv, 0x00, AES_BLOCK_SIZE);
/* Buffers for Encryption and Decryption */
unsigned char dec_out[400];
unsigned char aux_out[400];
memset(dec_out, 0, sizeof(dec_out));
memset(aux_out, 0, sizeof(aux_out));
/* AES-128 bit CBC Encryption */
AES_KEY enc_key, dec_key;
AES_set_encrypt_key(aes_key, sizeof(aes_key)*8, &enc_key);
AES_cbc_encrypt(enc_out, dec_out, sizeof(enc_out), &enc_key, iv, AES_ENCRYPT);
/* AES-128 bit CBC Decryption */
memset(iv, 0x00, AES_BLOCK_SIZE); // don't forget to set iv vector again, else you can't decrypt data properly
AES_set_decrypt_key(aes_key, sizeof(aes_key)*8, &dec_key); // Size of key is in bits
AES_cbc_encrypt(dec_out, aux_out, sizeof(enc_out), &dec_key, iv, AES_DECRYPT);
/* Printing and Verifying */
print_data("\n Original ",enc_out, sizeof(enc_out)); // you can not print data as a string, because after Encryption its not ASCII
print_data("\n Encrypted",dec_out, sizeof(enc_out));
print_data("\n Decrypted",aux_out, sizeof(dec_out));
return 0;
}
Apparently only the end of the chain is the one that is incorrect (the last 32 characters) the rest is fine, I have researched a bit and everything points to what is the type of padding of the text but according to what I read it is already paddated with PKCS5 (which is the padding I need in fact) so I can not see what the error is.
The Correct Encryption = EFC063DD33406D424D359809695D0B1E2D65027E803962C6A115DF7CCABEEB0C8C358830E556ED23943FA4F02E6461D235EF913CFCE5519F7CE2279DD07D3C4054D045827D5D7D9FE94DA3C5B718A24E79539B3FFC1E68E4C3FF441EEA176F61EE3D7B33B622E3069D95815F6407FBC79342BB972A2DDE4E50FDE9302BDE4409B7D2BD388AB6A043B9EF236D982937D8537F954564FF4134BD8A6EAB994FE4C29E9DC4E54D53A561A4688C45C90961EDB1763B6EF6C86B593C7E16FDF35C49CE16B1E6948BB1EAE6A8692326A019960B
The Output of the Program = EFC063DD33406D424D359809695D0B1E2D65027E803962C6A115DF7CCABEEB0C8C358830E556ED23943FA4F02E6461D235EF913CFCE5519F7CE2279DD07D3C4054D045827D5D7D9FE94DA3C5B718A24E79539B3FFC1E68E4C3FF441EEA176F61EE3D7B33B622E3069D95815F6407FBC79342BB972A2DDE4E50FDE9302BDE4409B7D2BD388AB6A043B9EF236D982937D8537F954564FF4134BD8A6EAB994FE4C29E9DC4E54D53A561A4688C45C90961EDB1763B6EF6C86B593C7E16FDF35C49CE608E3F73FC8E3DDF1D3BCF40B3DFACD00B732A9FCC10F6E0FB18E126A1C21A082D7A4F053F131A9329474D
I understand that the code has many improvements and I am not contemplating the desencryption, but at the moment I do not need it.
Upvotes: 3
Views: 986
Answers (2)
Reputation: 49131
The enc_out-array is dimensioned for 235 bytes, but is only initialized explicitly for 200 bytes, i.e. the remaining bytes are implicitly initialized with 0x00-values. This corresponds to a ciphertext with a length of 240 bytes (= 15 x 16 bytes). Therefore, the current code returns a ciphertext with a length of 240 bytes whose last three blocks are:
608E3F73FC8E3DDF1D3BCF40B3DFACD0 0B732A9FCC10F6E0FB18E126A1C21A08 2D7A4F053F131A9329474DE44DA772BC
This corresponds to an implicit padding with 0x00-values. The last 5 bytes are missing in the posted ciphertext, which is because the length of the plaintext (instead of the ciphertext) is used for the output.
Most likely only the first 200 bytes should be encrypted. This would correspond to a ciphertext with a length of 208 bytes (= 13 x 16 bytes), which is just the length of the expected ciphertext. For this, the size of the enc_out-array must be reduced from 235 to 200, or even better, the size should not be explicitly specified at all.
Then a two blocks shorter, but otherwise identical ciphertext is generated, which differs from the expected ciphertext only in the last block, which is now caused only by the missing PKCS7-padding.
Upvotes: 1
Reputation: 93948
AES_cbc_encrypt is encrypting using the low level primitives. It does not perform any kind of padding. Here is a link to the underlying CBC source code that the AES CBC code directly calls: https://github.com/openssl/openssl/blob/master/crypto/modes/cbc128.c - no padding indicated at all.
The real question is why you would use ill-described, low level implementation functions rather than the EVP API that OpenSSL itself advocates. You may think that the lower level primitives are more performant, but this may not be the case if e.g. AES-NI is deployed; the calling overhead will be minimal compared to the cipher itself anyway.
Upvotes: 2
Related Questions
- Encrypt and decrypt string using OpenSSL
- how to encrypt and decrypt string with openssl?
- OpenSSL AES encryption doesn't seem to work properly
- Encrypt and decrypt string with c++, Openssl and aes
- String not decrypted properly using <openssl/aes>
- OpenSSL AES_cfb128_encrypt C++
- OpenSSL error "assertion failed"
- OpenSSL AES wrong encryption
- OpenSSL AES encryption error
- Decrypt AES string