I have some data that was encrypted using the openssl (`AES_*`) functions. I 
want to update this code to use the newer (`EVP_*`) functions, which are FIPS 
compliant. But I should still be able to decrypt data that was encrypted using 
the old code.
I've pasted both the old and the new code below. The encrypted/decrypted 
contents are different, i.e. I can't use them interchangeably. This means I 
can't upgrade the code without first decrypting with the old code and then 
re-encrypting.
Are there any values for the parameters to `EVP_BytesToKey` such that the 
derived `aes_key` is the same in both cases? Or is there any other way to 
accomplish the same using the (`EVP_*`) functions? I've tried several different 
values for `digest` and `rounds`, and tried making the IV NULL, but none of it 
worked, i.e. it doesn't produce the same output as the old method. What 
algorithm is used by the `AES_set_encrypt_key`/`AES_set_decrypt_key` functions?
The code using the `AES_*` functions
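    #include <stdio.h>
    #include <openssl/aes.h>
    #include <print_util.h>

    /* Demo key only: a key compiled into the binary is readable by anyone who
     * has the binary. */
    static const unsigned char user_key[] = {
        0x00, 0x01, 0x02, 0x03,
        0x10, 0x11, 0x12, 0x13,
        0x20, 0x21, 0x22, 0x23,
        0x30, 0x31, 0x32, 0x33
    };

    /*
     * Encrypt one AES block with the low-level AES_* API, decrypt it again and
     * print plaintext, ciphertext and recovered plaintext.
     *
     * Returns 0 on success, 1 if a key schedule could not be set up.
     *
     * AES_set_encrypt_key()/AES_set_decrypt_key() use the 16 bytes of user_key
     * directly as the AES-128 key; they only expand it into the round-key
     * schedule. No digest or key-derivation step is applied.
     */
    int main(void)
    {
        /*
         * AES_encrypt() always reads and writes exactly one 16-byte block.
         * The plaintext buffer is therefore a full block, zero-padded after
         * the string; a shorter array would be read past its end.
         */
        unsigned char p_text[AES_BLOCK_SIZE] = "plain text";
        unsigned char c_text[AES_BLOCK_SIZE];
        unsigned char d_text[AES_BLOCK_SIZE];
        AES_KEY aes_key;

        /* Both key-setup calls return 0 on success and a negative value on error. */
        if (AES_set_encrypt_key(user_key, 128, &aes_key) != 0) {
            fprintf(stderr, "AES_set_encrypt_key failed\n");
            return 1;
        }
        AES_encrypt(p_text, c_text, &aes_key);

        printf("plain text = %s\n", p_text);
        printbuf((char*)c_text, 16, "cipher text = ");

        if (AES_set_decrypt_key(user_key, 128, &aes_key) != 0) {
            fprintf(stderr, "AES_set_decrypt_key failed\n");
            return 1;
        }
        AES_decrypt(c_text, d_text, &aes_key);

        /* d_text is NUL-terminated because the zero padding of p_text is
         * recovered along with the string. */
        printf("plain text (decrypted) = %s \n", d_text);

        return 0;
    }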
The code using the `EVP_*` functions. (Encryption code is below and the 
decryption code is similar).
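    #include <stdio.h>
    #include <strings.h>
    #include <openssl/evp.h>
    #include <print_util.h>

    /* Demo key only: a key compiled into the binary is readable by anyone who
     * has the binary. */
    static const unsigned char user_key[16] = {
        0x00, 0x01, 0x02, 0x03,
        0x10, 0x11, 0x12, 0x13,
        0x20, 0x21, 0x22, 0x23,
        0x30, 0x31, 0x32, 0x33
    };

    /*
     * Encrypt a short message with AES-128-ECB through the EVP interface and
     * print the plaintext and the ciphertext.
     *
     * Returns 0 on success, 1 if any OpenSSL call fails.
     *
     * NOTE(review): two things make this output differ from a raw
     * AES_set_encrypt_key()/AES_encrypt() call on the same user_key:
     *   1. EVP_BytesToKey() does not pass user_key through. It hashes it
     *      (MD5, 10 rounds, no salt here) and the digest output becomes
     *      aes_key. The low-level API uses the 16 key bytes as they are, so
     *      no choice of digest or rounds reproduces that key. Handing
     *      user_key itself to EVP_EncryptInit() is the matching setup.
     *   2. EVP pads the final block (PKCS#7 style) by default, whereas
     *      AES_encrypt() processes exactly one caller-supplied block.
     *      EVP_CIPHER_CTX_set_padding(ctx, 0) with a full 16-byte input
     *      matches that behaviour.
     */
    int main(void)
    {
        /* AES-128 in ECB mode. ECB takes no IV and maps equal plaintext blocks
         * to equal ciphertext blocks. Whether ECB is acceptable under the FIPS
         * policy in use is not established here - confirm. */
        const EVP_CIPHER *cipher = EVP_aes_128_ecb();
        /* NOTE(review): MD5 is not a FIPS-approved digest, so this derivation
         * will presumably be refused once FIPS mode is enabled - confirm. */
        const EVP_MD *digest = EVP_md5();
        int rounds = 10;
        unsigned char aes_key[EVP_MAX_KEY_LENGTH];
        unsigned char aes_iv[EVP_MAX_IV_LENGTH];   /* unused by ECB */
        unsigned char p_text[] = "plain text";
        int p_len = sizeof(p_text);
        /* With padding enabled the output can be up to one block longer than
         * the input, so size the buffer for that instead of a fixed 16. */
        unsigned char c_text[sizeof(p_text) + EVP_MAX_BLOCK_LENGTH];
        int c_len = 0;
        int t_len = 0;
        int rc = 1;

        /* Let the library allocate the context: its size is an OpenSSL
         * implementation detail, and the allocation is checked and released. */
        EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
        if (ctx == NULL) {
            fprintf(stderr, "EVP_CIPHER_CTX_new failed\n");
            return 1;
        }

        /* EVP_BytesToKey() returns the derived key length, or 0 on error. */
        if (EVP_BytesToKey(cipher, digest, NULL, user_key, 16, rounds,
                           aes_key, aes_iv) == 0) {
            fprintf(stderr, "EVP_BytesToKey failed\n");
            goto out;
        }

        /* The EVP_Encrypt* calls return 1 on success. */
        if (EVP_EncryptInit(ctx, cipher, aes_key, aes_iv) != 1) {
            fprintf(stderr, "EVP_EncryptInit failed\n");
            goto out;
        }
        if (EVP_EncryptUpdate(ctx, c_text, &c_len, p_text, p_len) != 1) {
            fprintf(stderr, "EVP_EncryptUpdate failed\n");
            goto out;
        }
        if (EVP_EncryptFinal(ctx, (c_text + c_len), &t_len) != 1) {
            fprintf(stderr, "EVP_EncryptFinal failed\n");
            goto out;
        }
        c_len += t_len;

        printf("==> p_text: %s\n", p_text);
        printbuf((char*)c_text, c_len, "==> c_text:");
        rc = 0;

    out:
        EVP_CIPHER_CTX_free(ctx);
        return rc;
    }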
Thanks