Hi all. In relation to a previous email i sent to the list titled 'Question
about KEYS.. (EVP_BytesToKey)', I spent a while going through the code that
sets up a symmetric cipher for decryption.
NOTE: In my problem domain, the encryption of this data is happening on the
server side of the connection, but not through SSL. This is not a direct
SSL problem, that seems to be working fine.. this is external to SSL, but I
am using the libcrypto.a that comes with openssl for my own decryption as
well as for ssl work.)
Anyway, here is the problem:
The data is being encrypted by blowfish on the server side (using a java
crypto library). In this library we set the key to be 24 bytes of data. As
I understand it BF keys can be from 16 to 448 bits long. In anycase this is
the code I use to setup the EVP decryption information. It doesnt work, and
I think I know why, but I just dont know what to do about it: In anycase,
here is the code I use to interface to libcrypto.a:
char key[24];
char iv[8];
bzero(iv,8); //I know i dont want this to be all zeroes, but im just testing
//and when using ecb mode it doesnt even matter.
strcpy(key,"012345678901234567890123");//this is the exact string used to
encrypt.
ERR_load_EVP_strings();
EVP_CIPHER_CTX_init(&dCTX);
EVP_DecryptInit(&dCTX,EVP_bf_ecb(),key,iv);
int plainLength1,plainLength2
EVP_DecryptUpdate(&dCTX,plainText,(int*)&plainLength1,(byte_t*)
cipherText,cipherLength);
if (EVP_DecryptFinal(&dCTX,plainText+plainLength1,&plainLength2)==1)
return plainLength1+plainLength2;
else
return 0;
Now here is the problem... from tracing through the evp and the bf code in
the crypto directory, EVP_DecryptInit, forces one to do the following:
(This is bf_ecb_init_key)
if (key != NULL)
BF_set_key(&(ctx->c.bf_ks),EVP_BLOWFISH_KEY_SIZE,key);
Well therein lies the problem... first off it's forcing me to use a key of
size EVP_BLOWFISH_KEY_SIZE (which is 8), while my real key is 24 bytes (and
technically by the blowfish standard could be 2 bytes to 56 bytes).
Additionally it forces you in BF_set_key to hash over the passed in key a
couple times before setting it up to be used.
Well:
a) Id like to be able to set it to any size i want.
b) I *NEED* to set it to a specific KEY... I cant have it do fancy hashes
and stuff to the passed in 'passphrase' because in the encryption program
itself, that has already done everything it needs to do to make a fancy,
healthy, safe key and is simply handing me these 24 bytes and saying --use
this as your key. So if the crypto lib does anything to alter the passed in
key, it is no longer using the correct key.
I can live with a 16 byte key, if need be, but how in the world do i make
this library just plain use the key i want it to use?
Is this library just not meant to be used for encryption/decryption use
outside of what SSL needs? Am I expecting to much? Should I go out and use
another crypto package for my general cryptography work outside of SSL?
Any advice or tips would be greatly appreciated.
Thanx in advance,
brian
ps. I have used it successfully for SSL work in this same project and it
has done a great job! Kudos to all developers for the package and the
community in general for the support.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
