CODEWITHSUNDEEP
c++cencryptionopenssl
James Kim
James Kim

Reputation: 33

openssl command encrypt data does not match EVP_aes_128_cbc C code

I tried the following C implementation of Openssl EVP function for AES-128-CBC encryption but the results I am getting are incorrect compared to the command line OpenSSL result.

I referenced the code on the site below.

https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption

C code implementation of AES-128-CBC:

#include <openssl/conf.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <string.h>

void handleErrors(void)
{
    ERR_print_errors_fp(stderr);
    abort();
}

int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key,
            unsigned char *iv, unsigned char *ciphertext)
{
    EVP_CIPHER_CTX *ctx;

    int len;
    int ciphertext_len;

    if(!(ctx = EVP_CIPHER_CTX_new()))
        handleErrors();

    if(1 != EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv))
        handleErrors();

    if(1 != EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len))
        handleErrors();
    ciphertext_len = len;

    if(1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, &len))
        handleErrors();
    ciphertext_len += len;

    /* Clean up */
    EVP_CIPHER_CTX_free(ctx);

    return ciphertext_len;
}

int decrypt(unsigned char *ciphertext, int ciphertext_len, unsigned char *key,
            unsigned char *iv, unsigned char *plaintext)
{
    EVP_CIPHER_CTX *ctx;

    int len;
    int plaintext_len;

    /* Create and initialise the context */
    if(!(ctx = EVP_CIPHER_CTX_new()))
        handleErrors();

    if(1 != EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv))
        handleErrors();

    if(1 != EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len))
        handleErrors();
    plaintext_len = len;

    if(1 != EVP_DecryptFinal_ex(ctx, plaintext + len, &len))
        handleErrors();
    plaintext_len += len;

    /* Clean up */
    EVP_CIPHER_CTX_free(ctx);

    return plaintext_len;
}

int main (void)
{
    /* A 128 bit key */
    unsigned char *key = (unsigned char *)"0123456789012345";

    /* A 128 bit IV */
    unsigned char *iv = (unsigned char *)"0123456789012345";

    /* Message to be encrypted */
    unsigned char *plaintext =
        (unsigned char *)"The quick brown fox jumps over the lazy dog";

    /*
     * Buffer for ciphertext. Ensure the buffer is long enough for the
     * ciphertext which may be longer than the plaintext, depending on the
     * algorithm and mode.
     */
    unsigned char ciphertext[128];

    /* Buffer for the decrypted text */
    unsigned char decryptedtext[128];

    int decryptedtext_len, ciphertext_len;

    /* Encrypt the plaintext */
    ciphertext_len = encrypt (plaintext, strlen ((char *)plaintext), key, iv,
                              ciphertext);

    /* Do something useful with the ciphertext here */
    printf("Ciphertext is:\n");
    BIO_dump_fp (stdout, (const char *)ciphertext, ciphertext_len);

    /* Decrypt the ciphertext */
    decryptedtext_len = decrypt(ciphertext, ciphertext_len, key, iv,
                                decryptedtext);

    /* Add a NULL terminator. We are expecting printable text */
    decryptedtext[decryptedtext_len] = '\0';

    /* Show the decrypted text */
    printf("Decrypted text is:\n");
    printf("%s\n", decryptedtext);


    return 0;
}

Output:

Ciphertext is:
0000 - 30 89 e6 bc 22 4b d9 5b-85 cf 56 f4 b9 67 11 8a   0..."K.[..V..g..
0010 - aa 47 05 43 0f 25 b6 b4-d9 53 18 8a d1 5d d7 8f   .G.C.%...S...]..
0020 - 38 67 57 7e 7d 58 e1 8c-9c b3 40 64 7c 8b 4f d8   8gW~}X....@d|.O.
Decrypted text is:
The quick brown fox jumps over the lazy dog

OpenSSL command line:

printf "The quick brown fox jumps over the lazy dog" | openssl enc -e -aes-128-cbc -K 0123456789012345 -iv 0123456789012345 | xxd

OpenSSL Output:

00000000: 86ec 68f6 1d8f 440b 70e8 e7d2 69dc 5319  ..h...D.p...i.S.
00000010: c023 893a 3451 5a17 5e51 0b69 5e70 b073  .#.:4QZ.^Q.i^p.s
00000020: 7fbe 6f6f e61f dfb0 d32e 36a9 6651 021e  ..oo......6.fQ...

Why are the output results different?

How to fix code?

Upvotes: 1

Views: 777

Answers (1)

dbush
dbush

Reputation: 225827

The key and IV passed on the command line should be formatted as a hex string representing the bytes of the key and IV, not as ASCII text.

So instead of:

-K 0123456789012345 -iv 0123456789012345

You want:

-K 30313233343536373839303132333435 -iv 30313233343536373839303132333435

Upvotes: 2

Related Questions