I tried the following C implementation of AES-128-CBC encryption using the OpenSSL EVP functions, but the ciphertext I get differs from the result of the OpenSSL command line.
I referenced the code on the site below.
https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption
C code implementation of AES-128-CBC:
#include <openssl/conf.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <string.h>
/*
 * Fatal-error handler shared by encrypt() and decrypt().
 *
 * Prints the queued OpenSSL error stack to stderr and then terminates the
 * process with abort(); it never returns to the caller.
 */
void handleErrors(void)
{
    FILE *err_stream = stderr;

    ERR_print_errors_fp(err_stream);
    abort();
}
/*
 * Encrypt a buffer with AES-128-CBC through the EVP interface.
 *
 * plaintext / plaintext_len: input bytes and their count.
 * key: raw key bytes; EVP_aes_128_cbc() reads 16 of them.
 * iv:  raw IV bytes; EVP_aes_128_cbc() reads 16 of them.
 * ciphertext: output buffer. Padding is left at the EVP default (enabled),
 *             so the caller must provide room for plaintext_len plus one
 *             16-byte block; this function cannot check the buffer size.
 *
 * Returns the number of ciphertext bytes written. Any OpenSSL failure goes
 * through handleErrors(), which aborts the process.
 *
 * Note: CBC on its own gives confidentiality only; nothing here
 * authenticates the ciphertext.
 */
int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key,
            unsigned char *iv, unsigned char *ciphertext)
{
    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
    int written;
    int total;

    if (ctx == NULL)
        handleErrors();

    /* Select the cipher and load key and IV; NULL picks the default engine. */
    if (EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv) != 1)
        handleErrors();

    /* Encrypt every complete block of the input. */
    if (EVP_EncryptUpdate(ctx, ciphertext, &written, plaintext,
                          plaintext_len) != 1)
        handleErrors();
    total = written;

    /* Emit the final, padded block right after what was already written. */
    if (EVP_EncryptFinal_ex(ctx, ciphertext + total, &written) != 1)
        handleErrors();
    total += written;

    EVP_CIPHER_CTX_free(ctx);
    return total;
}
/*
 * Decrypt an AES-128-CBC ciphertext through the EVP interface.
 *
 * ciphertext / ciphertext_len: input bytes and their count.
 * key: raw key bytes; EVP_aes_128_cbc() reads 16 of them.
 * iv:  raw IV bytes; EVP_aes_128_cbc() reads 16 of them.
 * plaintext: output buffer. The OpenSSL documentation asks for room for
 *            ciphertext_len plus one cipher block; this function cannot
 *            check the buffer size. The output is NOT NUL-terminated.
 *
 * Returns the number of plaintext bytes written. Any OpenSSL failure,
 * including a bad final padding block, goes through handleErrors(), which
 * aborts the process.
 *
 * Note: a valid padding block does not prove the ciphertext is unmodified;
 * CBC is unauthenticated.
 */
int decrypt(unsigned char *ciphertext, int ciphertext_len, unsigned char *key,
            unsigned char *iv, unsigned char *plaintext)
{
    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
    int written;
    int total;

    if (ctx == NULL)
        handleErrors();

    /* Select the cipher and load key and IV; NULL picks the default engine. */
    if (EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv) != 1)
        handleErrors();

    /* Decrypt the bulk of the input; the last block is held back. */
    if (EVP_DecryptUpdate(ctx, plaintext, &written, ciphertext,
                          ciphertext_len) != 1)
        handleErrors();
    total = written;

    /* Process the final block and strip its padding. */
    if (EVP_DecryptFinal_ex(ctx, plaintext + total, &written) != 1)
        handleErrors();
    total += written;

    EVP_CIPHER_CTX_free(ctx);
    return total;
}
/*
 * Demo driver: encrypts a fixed message with AES-128-CBC, hex-dumps the
 * ciphertext, decrypts it again and prints the recovered text.
 */
int main (void)
{
    /*
     * The 16 ASCII characters below are used directly as the 16 raw key
     * bytes (0x30 0x31 ... 0x35); they are not parsed as hex digits.
     * A hard-coded key is acceptable only in a demo like this one.
     */
    unsigned char *key = (unsigned char *)"0123456789012345";

    /*
     * 16 raw IV bytes, again taken from the ASCII characters. The IV here
     * is fixed and identical to the key, which is for demonstration only.
     */
    unsigned char *iv = (unsigned char *)"0123456789012345";

    /* Message to be encrypted (43 bytes, so three 16-byte blocks result). */
    unsigned char *plaintext =
        (unsigned char *)"The quick brown fox jumps over the lazy dog";

    /*
     * Output buffers. The ciphertext can be up to one block longer than
     * the plaintext because of padding; 128 bytes is ample for this message.
     */
    unsigned char ciphertext[128];
    unsigned char decryptedtext[128];

    /* Encrypt the message; the length excludes the string's terminator. */
    int ciphertext_len = encrypt(plaintext, strlen((char *)plaintext),
                                 key, iv, ciphertext);

    /* Hex-dump the raw ciphertext bytes. */
    printf("Ciphertext is:\n");
    BIO_dump_fp(stdout, (const char *)ciphertext, ciphertext_len);

    /* Decrypt with the same key and IV. */
    int decryptedtext_len = decrypt(ciphertext, ciphertext_len, key, iv,
                                    decryptedtext);

    /* decrypt() returns raw bytes; terminate them before printing with %s. */
    decryptedtext[decryptedtext_len] = '\0';

    printf("Decrypted text is:\n");
    printf("%s\n", decryptedtext);

    return 0;
}
Output:
Ciphertext is:
0000 - 30 89 e6 bc 22 4b d9 5b-85 cf 56 f4 b9 67 11 8a 0..."K.[..V..g..
0010 - aa 47 05 43 0f 25 b6 b4-d9 53 18 8a d1 5d d7 8f .G.C.%...S...]..
0020 - 38 67 57 7e 7d 58 e1 8c-9c b3 40 64 7c 8b 4f d8 8gW~}X....@d|.O.
Decrypted text is:
The quick brown fox jumps over the lazy dog
OpenSSL command line:
printf "The quick brown fox jumps over the lazy dog" | openssl enc -e -aes-128-cbc -K 0123456789012345 -iv 0123456789012345 | xxd
OpenSSL Output:
00000000: 86ec 68f6 1d8f 440b 70e8 e7d2 69dc 5319 ..h...D.p...i.S.
00000010: c023 893a 3451 5a17 5e51 0b69 5e70 b073 .#.:4QZ.^Q.i^p.s
00000020: 7fbe 6f6f e61f dfb0 d32e 36a9 6651 021e ..oo......6.fQ...
Why are the two outputs different?
How can I fix the code?
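The key and IV passed on the command line should be formatted as a hex string representing the bytes of the key and IV, not as ASCII text. The C program uses the 16 ASCII characters themselves as the key and IV bytes (0x30 0x31 ...), whereas `-K 0123456789012345` is read as 16 hex digits, i.e. only 8 bytes (0x01 0x23 ...), which `openssl enc` then pads with zero bytes to the full key length. The two runs therefore encrypt with different keys and IVs.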
So instead of:
-K 0123456789012345 -iv 0123456789012345
You want:
-K 30313233343536373839303132333435 -iv 30313233343536373839303132333435