Reputation: 325
I'm working with the OpenSSL library and get a very strange effect with AES encrypt/decrypt: if I change some byte in the encrypted message and decrypt it, I see part of the original message, which isn't supposed to happen. This is the source code:
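```c
#include <openssl/evp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUFSIZE 1024

/* Encrypt in.txt to out.txt with AES-256-CFB. Returns 1 on success, 0 on failure. */
int do_crypt(void)
{
    int outlen, ok = 0;
    size_t inlen;
    unsigned char key[32];
    unsigned char iv[16] = {0};  /* AES block size; the original passed no IV */
    unsigned char inbuf[BUFSIZE], outbuf[BUFSIZE + EVP_MAX_BLOCK_LENGTH];
    FILE *in = fopen("in.txt", "rb");
    FILE *out = fopen("out.txt", "wb");
    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
    const EVP_CIPHER *cipher = EVP_aes_256_cfb();

    /* memcpy, not strcpy: the 32-character key fills key[] with no room for a NUL */
    memcpy(key, "10000000000000000000000000000002", sizeof key);

    if (!in || !out || !ctx) goto done;
    if (!EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv)) goto done;
    while ((inlen = fread(inbuf, 1, BUFSIZE, in)) > 0) {
        if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, inbuf, (int)inlen)) goto done;
        fwrite(outbuf, 1, outlen, out);
    }
    if (!EVP_EncryptFinal_ex(ctx, outbuf, &outlen)) goto done;
    fwrite(outbuf, 1, outlen, out);
    ok = 1;
done:
    EVP_CIPHER_CTX_free(ctx);
    if (in) fclose(in);
    if (out) fclose(out);
    return ok;
}

/* Decrypt out.txt to out2.txt with the same key and IV. Returns 1 on success. */
int do_decrypt(void)
{
    int outlen, ok = 0;
    size_t inlen;
    unsigned char key[32];
    unsigned char iv[16] = {0};  /* must match the IV used in do_crypt() */
    unsigned char inbuf[BUFSIZE], outbuf[BUFSIZE + EVP_MAX_BLOCK_LENGTH];
    FILE *in = fopen("out.txt", "rb");
    FILE *out = fopen("out2.txt", "wb");
    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();

    memcpy(key, "10000000000000000000000000000002", sizeof key);

    if (!in || !out || !ctx) goto done;
    if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_cfb(), NULL, key, iv)) goto done;
    while ((inlen = fread(inbuf, 1, BUFSIZE, in)) > 0) {
        if (!EVP_DecryptUpdate(ctx, outbuf, &outlen, inbuf, (int)inlen)) goto done;
        fwrite(outbuf, 1, outlen, out);
    }
    if (!EVP_DecryptFinal_ex(ctx, outbuf, &outlen)) goto done;
    fwrite(outbuf, 1, outlen, out);
    ok = 1;
done:
    EVP_CIPHER_CTX_free(ctx);
    if (in) fclose(in);
    if (out) fclose(out);
    return ok;
}

/* Argument 1 encrypts, argument 2 decrypts. */
int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s 1|2\n", argv[0]);
        return 1;
    }
    if (atoi(argv[1]) == 1)
        return do_crypt() ? 0 : 1;
    if (atoi(argv[1]) == 2)
        return do_decrypt() ? 0 : 1;
    return 1;
}
```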
What could be wrong?
Upvotes: 0
Views: 2005
Reputation: 108790
What's wrong is your expectation that the whole message becomes unreadable because a single byte was changed.
Which parts of the message become unreadable depends on the chosen encryption mode. You're using CFB. This means if you change a single byte in the ciphertext, the corresponding byte and the block after that get corrupted, and the cipher recovers from the error afterwards.
PCBC will corrupt all output after the error. But it still does not detect the error.
I recommend adding authentication (either a MAC, or a mode with integrated authentication such as AES-GCM).
Upvotes: 6
Reputation: 4364
This is exactly what is supposed to happen.
Greatly oversimplifying, the message is encrypted and decrypted from left to right. Until the decryption routine hits the changed byte, the decrypted text MUST match the original message. What happens after the changed byte depends on the cipher mode, but decryption of the left part of the text cannot be affected by this change.
Upvotes: 2
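The propagation pattern both answers describe, as an added example that is not part of the original thread: a dependency-free CFB-128 implementation that edits one ciphertext byte and reports which plaintext offsets change. The names `toy_block`, `cfb128` and `tamper` are hypothetical, the key and message are constructed, and `toy_block` is a stand-in mixing function rather than AES; CFB only ever runs the block cipher in the forward direction, so the damage pattern is the same.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
typedef uint8_t u8;
#define BLK 16  /* AES block size; EVP_aes_256_cfb() feeds back whole blocks */

/* Stand-in for the AES block encryption (NOT AES, not secure). Each step is
 * invertible in h, so two different inputs never produce the same output. */
static void toy_block(const u8 *key, const u8 *in, u8 *out) {
    uint32_t h = 2166136261u;                      /* FNV-1a over key || in */
    for (int i = 0; i < 2 * BLK; i++) h = (h ^ (i < BLK ? key[i] : in[i - BLK])) * 16777619u;
    for (int i = 0; i < BLK; i++) {                /* stretch h to 16 bytes */
        if (i % 4 == 0) h = (h ^ (uint32_t)i) * 16777619u;
        out[i] = (u8)(h >> (8 * (i % 4)));
    }
}

/* CFB-128: C_i = P_i ^ E_k(C_{i-1}), C_0 = IV. Encryption and decryption both
 * run E_k forward over the previous ciphertext block. Safe when in == out. */
static void cfb128(const u8 *key, const u8 *iv, int enc, const u8 *in, u8 *out, size_t len) {
    u8 fb[BLK], ks[BLK];
    memcpy(fb, iv, BLK);
    for (size_t off = 0; off < len; off += BLK) {
        toy_block(key, fb, ks);
        for (size_t i = 0; i < BLK && off + i < len; i++) {
            fb[i] = in[off + i] ^ (enc ? ks[i] : 0);   /* feedback = ciphertext byte */
            out[off + i] = in[off + i] ^ ks[i];
        }
    }
}

/* Encrypt msg into buf, XOR mask into ciphertext byte pos, decrypt in place,
 * then report the first and last plaintext offsets that changed (-1: none). */
static void tamper(const u8 *msg, size_t len, size_t pos, u8 mask, u8 *buf, int *first, int *last) {
    const u8 key[BLK] = {0x4b}, iv[BLK] = {0};     /* constructed key, zero IV */
    cfb128(key, iv, 1, msg, buf, len);
    buf[pos] ^= mask;                              /* the edit from the question */
    cfb128(key, iv, 0, buf, buf, len);
    *first = *last = -1;
    for (size_t i = 0; i < len; i++)
        if (buf[i] != msg[i]) { if (*first < 0) *first = (int)i; *last = (int)i; }
}

int main(void) {
    const char *msg = "0000000000000000111111111111111122222222222222223333333333333333";
    u8 buf[64]; int first, last;
    tamper((const u8 *)msg, 64, 20, 0x01, buf, &first, &last);
    printf("damaged plaintext offsets %d..%d, tail \"%.16s\"\n", first, last, (char *)buf + 48);
}
```

Nothing in the decrypt path reports the edit; the damage is visible here only because the code compares against the original message, which a real receiver does not have.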