Brian Snyder wrote:
>
>
> Anyway, here is the problem:
>
>
> char key[24];
> char iv[8];
> bzero(iv,8); //I know i dont want this to be all zeroes, but im just testing
> //and when using ecb mode it doesnt even matter.
> strcpy(key,"012345678901234567890123");//this is the exact string used to
> encrypt.
> ERR_load_EVP_strings();
> EVP_CIPHER_CTX_init(&dCTX);
> EVP_DecryptInit(&dCTX,EVP_bf_ecb(),key,iv);
>
> int plainLength1,plainLength2
> EVP_DecryptUpdate(&dCTX,plainText,(int*)&plainLength1,(byte_t*)
> cipherText,cipherLength);
> if (EVP_DecryptFinal(&dCTX,plainText+plainLength1,&plainLength2)==1)
> return plainLength1+plainLength2;
> else
> return 0;
>
> Now here is the problem... from tracing through the evp and the bf code in
> the crypto directory, EVP_DecryptInit, forces one to do the following:
> (This is bf_ecb_init_key)
> if (key != NULL)
> BF_set_key(&(ctx->c.bf_ks),EVP_BLOWFISH_KEY_SIZE,key);
>
> Well therein lies the problem... first off it's forcing me to use a key of
> size EVP_BLOWFISH_KEY_SIZE (which is 8), while my real key is 24 bytes (and
> technically by the blowfish standard could be 2 bytes to 56 bytes).
> Additionally it forces you in BF_set_key to hash over the passed in key a
> couple times before setting it up to be used.
>
> Well:
>
> a) Id like to be able to set it to any size i want.
You can't with the current EVP interface. Each EVP_CIPHER structure is
hard coded with a fixed key size. In crypto/evp/evp.h
EVP_BLOWFISH_KEY_SIZE is actually 16.
You can mess around with the internal structures that is simulate what
EVP_*_Init() does and use any size key. The library itself has to do
this at one point to handle unusual RC2 S/MIME.
> b) I *NEED* to set it to a specific KEY... I cant have it do fancy hashes
> and stuff to the passed in 'passphrase' because in the encryption program
> itself, that has already done everything it needs to do to make a fancy,
> healthy, safe key and is simply handing me these 24 bytes and saying --use
> this as your key. So if the crypto lib does anything to alter the passed in
> key, it is no longer using the correct key.
>
The value passed in the 'key' argument to EVP_DecryptInit() and friends
is the actual key itself.
Another point to not is that the EVP code always uses standard block
padding on the underlying cipher.
So if you are sure the Java library is using ECB mode, standard block
padding and a 16 byte key it should work.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
