Using AF_ALG with openssl
Dear All, I am trying to build the AF_ALG API to access the kernel cryptographic API on an Ubuntu machine. I downloaded the AF_ALG open source code and followed the instructions to compile it. I then copied the shared library into the OpenSSL engine path. But I have the following error when I tried to test the lib. Here is the error:

openssl speed -evp aes-128-cbc -engine af
Error configuring OpenSSL
716306368:error:260BC095:engine routines:INT_ENGINE_CONFIGURE:engine section error:eng_cnf.c:112:
716306368:error:0E07606D:configuration file routines:MODULE_RUN:module initialization error:conf_mod.c:235:module=engines, value=openssl_engines, retcode=-1

Can someone throw some light on what it is indicating to me? Thanks, Tera
EVP_Decrypt function- AES cbc 128 bit mode- Input length?
Hi All, I am trying in vain to find out why the AES decrypt won't work here. I have found where exactly the problem is and am now looking for some wise-crack to help me solve it. Here is the code that I tested with (from various posts here):

    #include <string.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <openssl/evp.h>

    int AES_BLOCK_SIZE = 128;

    int main(int argc, char **argv)
    {
        EVP_CIPHER_CTX en;
        EVP_CIPHER_CTX de;
        EVP_CIPHER_CTX_init(&en);
        EVP_CIPHER_CTX_init(&de);
        const EVP_CIPHER *cipher_type;
        unsigned char *passkey, *passiv, *plaintxt;
        char *plain;
        char *plaintext;
        unsigned char *ciphertext;
        int olen, len;
        int i = 0;
        unsigned char iv[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
                               0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0 };
        unsigned char key[] = { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
                                0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c, 0 };
        unsigned char *input = "hi this is patrick immling\n'Doctor'.\n'Doctor' who ?\nPrecisely! 123910!§$$§% !%%$$(/=))?=(#ü++Ü**,.here we go sometimes it i s difficult but 187! "
                               "1$5 78@2 14.TӒ��틪�ձ1z.$�?�U���y";

        printf("AES ALGORITHM FOR 128 bit CBC MODE\n");
        cipher_type = EVP_aes_128_cbc();
        AES_BLOCK_SIZE = 128;
        passkey = key;
        passiv = iv;
        plain = input;

        printf("Initializing AES ALGORITHM FOR CBC MODE..\n");
        EVP_EncryptInit_ex(&en, cipher_type, NULL, passkey, passiv);
        EVP_DecryptInit_ex(&de, cipher_type, NULL, passkey, passiv);

        olen = len = strlen(input)+1;
        printf("len value before aes_encrypt %d\n", len);

        int c_len = len + AES_BLOCK_SIZE - 1;
        int f_len = 0;
        ciphertext = (unsigned char *)malloc(c_len);

        if(!EVP_EncryptInit_ex(&en, NULL, NULL, NULL, NULL)){
            printf("ERROR in EVP_EncryptInit_ex \n");
            return NULL;
        }
        if(!EVP_EncryptUpdate(&en, ciphertext, &c_len, plain, len)){
            printf("ERROR in EVP_EncryptUpdate \n");
            return NULL;
        }
        printf("len value after update %d\n", len);
        // printf("size of ciphertext after update %d\n", sizeof(ciphertext));
        printf("strlen value of ciphertext after update %d\n", strlen(ciphertext));

        if(!EVP_EncryptFinal_ex(&en, ciphertext+c_len, &f_len)){
            printf("ERROR in EVP_EncryptFinal_ex \n");
            return NULL;
        }
        printf("len value after final %d\n", len);
        printf("strlen value of ciphertext after final %d\n", strlen(ciphertext));
        EVP_CIPHER_CTX_cleanup(&en);

        len = c_len + f_len;
        printf("len value after aes_encrypt %d\n", len);

        //HERE IS THE PROBLEM: IF I USE len= strlen(ciphertext) I GET ERROR
        //len = strlen(ciphertext);
        printf("strlen value of ciphertext after aes_encrypt %d\n", len);

        int p_len = len;
        f_len = 0;
        plaintext = (unsigned char *)malloc(p_len);
        // memset(plaintext,0,sizeof(plaintext));

        if(!EVP_DecryptInit_ex(&de, NULL, NULL, NULL, NULL)){
            printf("ERROR in EVP_DecryptInit_ex \n");
            return NULL;
        }
        EVP_CIPHER_CTX_set_padding(&de, 0);

        if(!EVP_DecryptUpdate(&de, plaintext, &p_len, ciphertext, len)){
            printf("ERROR in EVP_DecryptUpdate\n");
            return NULL;
        }
        printf("len value after decrypt update %d\n", len);

        if(!EVP_DecryptFinal_ex(&de, plaintext+p_len, &f_len)){
            printf("ERROR in EVP_DecryptFinal_ex\n");
            ERR_print_errors_fp(stderr);
            return NULL;
        }
        EVP_CIPHER_CTX_cleanup(&de);

        len = p_len + f_len;
        printf("Decrypted value = %s\n", plaintext);
        printf("len value after aes_decrypt %d\n", len);

        if (strncmp(plaintext, input, olen))
            printf("FAIL: enc/dec failed for %s\n", input);
        else
            printf("OK: enc/dec ok for %s\n", plaintext); // %s\n
        printf("\n");

        free(ciphertext);
        free(plaintext);
        return 0;
    }

What I don't understand: What should I feed as the len parameter for the OpenSSL EVP Decrypt routines? What is this magic len = c_len + f_len? How should I get this in case I am given just the cipher with the key and the IV? This should always be possible, right? I know strlen is a bad parameter, especially for binary, as the ciphertext input to EVP Decrypt is binary: so how should I get this? I can already see that using len = strlen(ciphertext) gives me a wrong answer and sizeof parameter is also not
calls to openssl remotely
Dear All, I have a system A which uses an OpenSSL engine for cryptography; however, for some experimental purpose, we have to perform cryptography remotely. Therefore, I have to send any calls to OpenSSL engines via a socket to a remote system (B) with OpenSSL support. I want to know if the wrapper that I am building in C on System A, which receives all OpenSSL calls, has to use some SSL socket calls to be able to call OpenSSL libs on System B. Or if not, how do you think I should go about the problem? Thanks in advance.
.RSA conversion
Dear All, I have a certificate with a .rsa extension. On googling I found that this is a pkcs7 format using MD5 with RSA. Now my question is, is there a way to convert it to openssl specifics and handle?? I want to read it in say PEM.. thanks
Re: OpenSSL verification SHA1 with RSA problem
Hi, Thank you for the reply. I now send the signature and original message in base64 format from System A (Java machine), and at System B I decode it using:

openssl enc -d -in sig.b64 -out sig.bin

But unfortunately, the output file is empty! I wonder why! Also, I do the same on my original file that I pass to System B (in base64). I decode it as:

openssl enc -d -in orig.b64 -out orig.bin

But the orig.bin now contains the text that I sent (string) and not the binary. What am I missing?

On Fri, Sep 3, 2010 at 10:13 AM, tera tellence tellt...@googlemail.com wrote:

Dear all, I have to sign a message with a private key using SHA1 with RSA using the Java JCE (Bouncy Castle engine) on System A. I then have to pass the public key, the original message and the signature to System B, which uses OpenSSL to verify the signature. At the OpenSSL end, I use:

openssl dgst -sha1 -verify pubkey.pem -signature s.sign data.sha1

Where:
pubkey.pem is the public key I pass in PEM format.
s.sign = signature in hex format (here I am not sure what format to use)
data.sha1 = I send the original message to System B as a hex string. At System B I compute the SHA1 digest of this hex string and store it in data.sha1 to verify.

However, the verification always fails. In this regard, what are the expected formats of the files? Is there a way to use a hex file for data and signature? Or even a base64 encoded signature and data for verification? What am I doing wrong here? Please help!! Regards, Tera Tellence
OpenSSL verification SHA1 with RSA problem
Dear all, I have to sign a message with a private key using SHA1 with RSA using the Java JCE (Bouncy Castle engine) on System A. I then have to pass the public key, the original message and the signature to System B, which uses OpenSSL to verify the signature. At the OpenSSL end, I use:

openssl dgst -sha1 -verify pubkey.pem -signature s.sign data.sha1

Where:
pubkey.pem is the public key I pass in PEM format.
s.sign = signature in hex format (here I am not sure what format to use)
data.sha1 = I send the original message to System B as a hex string. At System B I compute the SHA1 digest of this hex string and store it in data.sha1 to verify.

However, the verification always fails. In this regard, what are the expected formats of the files? Is there a way to use a hex file for data and signature? Or even a base64 encoded signature and data for verification? What am I doing wrong here? Please help!! Regards, Tera Tellence
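
The sign / base64-transfer / verify round trip discussed in this thread, as an added example that is not part of the original posts. System A (Java JCE in the posts) is simulated with the openssl CLI, and all file names besides pubkey.pem, sig.b64, sig.bin, orig.b64 and orig.bin are hypothetical. It relies on two facts about the tool: `openssl dgst -verify` hashes the data file itself, so it is given the original message bytes, and the signature file must be raw binary.

```shell
# Constructed demo: key, message and file layout are made up for illustration.

# make_sample DIR: stand-in for System A. Creates a key pair, signs a
# message with SHA1-with-RSA and writes the base64 transfer files.
make_sample() {
    d=$1
    openssl genrsa -out "$d/priv.pem" 2048 2>/dev/null
    openssl rsa -in "$d/priv.pem" -pubout -out "$d/pubkey.pem" 2>/dev/null
    printf 'constructed test message' > "$d/orig.txt"
    # dgst hashes the message with SHA-1 and signs the digest in one step.
    openssl dgst -sha1 -sign "$d/priv.pem" -out "$d/sig.raw" "$d/orig.txt"
    # -A writes the base64 as one long line with no line breaks.
    openssl base64 -A -in "$d/sig.raw"  -out "$d/sig.b64"
    openssl base64 -A -in "$d/orig.txt" -out "$d/orig.b64"
}

# verify_transfer DIR: System B side. Returns 0 only if the signature
# verifies, 2 on a decoding error, 3 if the signature has the wrong size.
verify_transfer() {
    d=$1
    # -base64 selects base64 decoding; -A accepts single-line input.
    openssl enc -d -base64 -A -in "$d/sig.b64"  -out "$d/sig.bin"  || return 2
    openssl enc -d -base64 -A -in "$d/orig.b64" -out "$d/orig.bin" || return 2
    # A raw RSA signature is as long as the modulus: 256 bytes for 2048 bits.
    [ "$(wc -c < "$d/sig.bin")" -eq 256 ] || return 3
    # Pass the message bytes themselves, not a precomputed digest of them.
    openssl dgst -sha1 -verify "$d/pubkey.pem" \
        -signature "$d/sig.bin" "$d/orig.bin" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
if verify_transfer "$demo_dir"; then
    echo "signature verified"
else
    echo "signature did NOT verify"
fi
rm -rf "$demo_dir"
```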