Reputation: 55
I am currently trying to develop a C program to implement AES_128_CBC using the OpenSSL library. When I compile and run the program the first time, I get blocks of ciphertext and then my plaintext shows as being decrypted. This seems to be running smoothly. My problem is when I compile and run again. My blocks of ciphertext grow (by about 3x in size), yet my decryption remains the same. I would expect that if I was using the same key and IV, my cipher text would remain the same no matter how many times I compile and run the program. Can anyone see why this may be happening?
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <openssl/aes.h>

    #define BUFSIZE 1024

    /* AES key for Encryption and Decryption */
    const static unsigned char aes_key[]= {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xFF};
    unsigned char iv[] = {0x98,0x76,0x54,0x32,0x10,0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,0xFE,0xDC,0xBA};

    /* Print Encrypted and Decrypted data packets */
    void print_data(const char *tittle, const void* data, int len);

    int main( )
    {
        /* Input data to encrypt */
        unsigned char aes_input[BUFSIZE];
        strcpy(aes_input, "Testing");
        fprintf(stderr, "%s\n", aes_input);

        /* Init vector */
        memset(iv, 0x00, AES_BLOCK_SIZE);

        /* Buffers for Encryption and Decryption */
        unsigned char enc_out[sizeof(aes_input)];
        unsigned char dec_out[sizeof(aes_input)];
        unsigned char *e = enc_out;

        /* AES-128 bit CBC Encryption */
        AES_KEY enc_key, dec_key;
        AES_set_encrypt_key(aes_key, sizeof(aes_key)*8, &enc_key);
        AES_cbc_encrypt(aes_input, enc_out, sizeof(aes_input), &enc_key, iv, AES_ENCRYPT);
        fprintf(stderr, "Encrypted:");
        while (*e) printf(" [%02x]", *e++);
        printf("\n");

        /* AES-128 bit CBC Decryption */
        memset(iv, 0x00, AES_BLOCK_SIZE); // don't forget to set iv vector again, else you can't decrypt data properly
        AES_set_decrypt_key(aes_key, sizeof(aes_key)*8, &dec_key); // Size of key is in bits
        AES_cbc_encrypt(enc_out, dec_out, sizeof(aes_input), &dec_key, iv, AES_DECRYPT);
        fprintf(stderr, "The Plaintext After Decryption is: %s\n", dec_out);
        return 0;
    }
Upvotes: 3
Views: 3186
Reputation: 17363
You have overlooked a few things in your code.
First, you have declared your aes_input array without initializing it:
    /* Input data to encrypt */
    unsigned char aes_input[BUFSIZE];
Since you have not initialized this array, it may hold any value after this. Different compilers will do different things here. One way to initialize the entire array to a predictable value is by filling it with zeroes, like this:
    unsigned char aes_input[BUFSIZE] = {0};
After this, the output should be predictable, no matter how many times you run it.
The contents of this entire array are relevant, because you are asking OpenSSL to encrypt the entire array, since you pass sizeof(aes_input) as the size of the plaintext to be encrypted when invoking the AES_cbc_encrypt() function:
    AES_cbc_encrypt(aes_input, enc_out, sizeof(aes_input), &enc_key, iv, AES_ENCRYPT);
Since your input is largely uninitialized (except for the first eight bytes, which contain the string "Testing"), the output of this function cannot be predicted.
Now when you print that output as follows:
    while (*e) printf(" [%02x]", *e++);
you will only see the bytes up to the first byte that has the value of 0. This is a mistake, because the cipher text could easily (and does) contain bytes with the value of 0. You are treating the ciphertext as if it is a zero-terminated string, which it is not. Instead of stopping when encountering a 0 value, you should loop over all bytes in the ciphertext.
Upvotes: 4
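An added example (not code from either post) of the buffer handling around the AES_cbc_encrypt() call: it reproduces how the `while (*e)` loop makes the printed ciphertext change size between runs, next to a dump that takes an explicit length. The helper names and the two sample buffers are constructed for illustration; rounding the message length up to whole blocks instead of passing sizeof(aes_input) goes one step beyond the answer, and the cipher call is left out so the file builds without OpenSSL.

```c
#include <stdio.h>
#include <string.h>

#define BLOCK 16 /* AES block size in bytes (AES_BLOCK_SIZE in OpenSSL) */

/* Bytes to pass as the length argument: the message rounded up to whole
 * blocks, rather than sizeof() of the whole 1024-byte buffer. */
size_t cbc_len(size_t msg_len)
{
    return ((msg_len + BLOCK - 1) / BLOCK) * BLOCK;
}

/* What `while (*e)` prints: bytes before the first 0x00 (bounded here by
 * len so the demonstration itself never reads past the buffer). */
size_t shown_by_string_loop(const unsigned char *buf, size_t len)
{
    size_t n = 0;
    while (n < len && buf[n] != 0)
        n++;
    return n;
}

/* Hex-encode exactly len bytes; returns characters written, or -1 if out
 * is too small. Zero bytes are encoded like any other byte. */
int hex_encode(const unsigned char *buf, size_t len, char *out, size_t out_size)
{
    if (out_size < 2 * len + 1)
        return -1;
    for (size_t i = 0; i < len; i++)
        snprintf(out + 2 * i, 3, "%02x", buf[i]);
    return (int)(2 * len);
}

/* Constructed sample bytes standing in for two ciphertexts (not real AES
 * output); they differ only in where the first 0x00 falls. */
static const unsigned char run1[BLOCK] = {0x3a,0x91,0x00,0x5c,0xe7,0x12,0x88,0x4d,
                                          0xb0,0x6f,0x21,0xc3,0x9e,0x07,0x55,0xfa};
static const unsigned char run2[BLOCK] = {0x3a,0x91,0x7b,0x5c,0xe7,0x12,0x88,0x4d,
                                          0xb0,0x00,0x21,0xc3,0x9e,0x07,0x55,0xfa};

int main(void)
{
    char hex[2 * BLOCK + 1];
    printf("length for \"Testing\": %zu\n", cbc_len(strlen("Testing") + 1));
    printf("string loop shows %zu and %zu bytes\n",
           shown_by_string_loop(run1, BLOCK), shown_by_string_loop(run2, BLOCK));
    hex_encode(run1, BLOCK, hex, sizeof hex);
    printf("full dump: %s\n", hex);
    return 0;
}
```

In the real program, the value from cbc_len() would be passed both to AES_cbc_encrypt() and to the dump, so the printed length no longer depends on where a zero byte happens to land.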