Related
I've been trying to use the AES CTR 128 from tiny-aes-c (https://github.com/kokke/tiny-AES-c) to encrypt a randomly generated token, and it works, but not all the time. In some cases the retrieved string after encrypting and decrypting is cut off at some point. Here's the code:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include "token_auth.h"
#include "aes.h"
uint8_t * create_token() {
static char charset[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
uint8_t *token = malloc(sizeof(uint8_t) * (TOKEN_LENGTH + 1));
int i = 0;
srand ( time(NULL) );
for (i = 0; i < TOKEN_LENGTH; i++) {
int pos = rand() % (int)(strlen(charset) - 1);
token[i] = (int) charset[pos] - 0;
}
token[TOKEN_LENGTH] = 0;
return token;
}
int main() {
uint8_t key[16] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F };
uint8_t iv[16] = { 0x0F, 0x0E, 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 };
uint8_t *in = create_token();
printf("\nInput: %s\nSize: %d", (char *) in, strlen((char *) in));
struct AES_ctx ctx;
AES_init_ctx_iv(&ctx, key, iv);
AES_CTR_xcrypt_buffer(&ctx, in, strlen((char *) in));
AES_init_ctx_iv(&ctx, key, iv);
AES_CTR_xcrypt_buffer(&ctx, in, strlen((char *) in));
printf("\nDEC: %s\n", (char *) in);
return 0;
}
TOKEN_LENGTH is 128. As an example of the behavior, the string NM5DlWyYInbeNtEWhBxGCdEjHSv2I6FzTMffJNgudrL2UsYe6zVJMA3wvAyhHeQD18UMXckcF8gBAfPGQNqGqwdW9MgS39w7huVfIgtoqJ212SKSIdBaJP9VErOJAmQT comes out NM5DlWyYInbeNtEWhBxGCdEjHSv2 after being encrypted and decrypted. I'm not really good at C, so it might just well be a problem with something else I've done, but at this point I'm lost. Any ideas? Thanks in advance.
The first call to AES_CTR_xcrypt_buffer encrypts the buffer in place in CTR mode.
The buffer still has the same size (128 in your case), but can contain NUL bytes.
The strlen call in the second call of AES_CTR_xcrypt_buffer for decryption can therefore result in a length < 128 if the buffer contains a NUL byte.
By the way: It works in cases where the encryption does not result in a NUL byte in the buffer.
So if you call it with TOKEN_LENGTH as the length parameter decryption will give the original string again:
AES_CTR_xcrypt_buffer(&ctx, in, TOKEN_LENGTH);
I'm trying the implement the following openssl command line in C:
openssl enc -aes-256-cbc -d -in /tmp/out_enc -K \
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \
-iv 0 -nopad -p
Output of the command line:
key=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
iv =00000000000000000000000000000000
<CONNECTION_REQUEST ATS_ID="2" ATP_SEQ_ID="1" REGISTRATION_ID="Y2G5R52S8PP6YX47" SERIAL_NUMBER="724574802" SPC_PRODUCT_TITLE="SPC5300" SPC_FW_VERSION="3.8.5 - R.31629" ATS_NAME="Système (ATS) 2" ATP1_ID="2" ATP1_UID="34" ATP1_NAME="Principal ATP 1" ATP1_COMMS_INTERFACE="1" ATP1_DEST="1, 192.168.1.62:52000" ATP1_CATEGORY="50"/>�z
This is my equivalent in C:
long
_ast_crypt_decrypt_generic(unsigned char* ciphertext, long cipherlen, unsigned char* plaintext, const EVP_CIPHER *cipher) {
long result = 0;
/* A 256 bit key */
unsigned char *key = (unsigned char *)"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
/* A 128 bit IV */
unsigned char *iv = (unsigned char *)"0000000000000000";
EVP_CIPHER_CTX *ctx = NULL;
int len;
long plaintext_len;
if (cipher) {
/* Create and initialise the context */
if (!(ctx = EVP_CIPHER_CTX_new())) {
g_warning("AstCrypt : EVP_CIPHER_CTX_new failed");
goto end;
}
if (1 != EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv)) {
g_warning("AstCrypt : EVP_DecryptInit_ex");
}
EVP_CIPHER_CTX_set_padding(ctx, 0);
if (1 != EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, cipherlen)) {
g_warning("AstCrypt : EVP_DecryptUpdate");
goto end;
}
plaintext_len = len;
if (1 != EVP_DecryptFinal_ex(ctx, plaintext + len, &len)) {
g_warning("AstCrypt : EVP_DecryptFinal_ex failed");
goto end;
}
plaintext_len += len;
result= plaintext_len;
}
else {
g_warning("AstCrypt : Failed to get the openssl elements.");
}
end:
if (ctx)
EVP_CIPHER_CTX_free(ctx);
return result;
}
long plainSize = _ast_crypt_decrypt_generic(headerData, headerLength, bPlain, EVP_aes_256_cbc());
//fwrite(bPlain, plainSize, 1, stdout);
The previous code sample doesn't decrypt the data correctly (in C).
Do you have any ideas what I am missing?
It's probably a missing understanding of the key/iv format in the openssl lib.
The answer is that the key/iv must be represented in hex :
The following works as expected :
unsigned char key[] =
{ 0xAA, 0xAA, 0xAA, 0xAA,
0xAA, 0xAA, 0xAA, 0xAA,
0xAA, 0xAA, 0xAA, 0xAA,
0xAA, 0xAA, 0xAA, 0xAA,
0xAA, 0xAA, 0xAA, 0xAA,
0xAA, 0xAA, 0xAA, 0xAA,
0xAA, 0xAA, 0xAA, 0xAA,
0xAA, 0xAA, 0xAA, 0xAA,0 };
//unsigned char key[] = {1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0} ;
/* A 128 bit IV */
unsigned char iv[] =
{ 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00,0 };
The problem is that you are assuming the key is direct copy of the "password". What you are doing with that command line is specifying the key as a hex string. So what you need to do is convert your "password" from a hex string into a the key buffer. In your example you should end up with every byte set to the hex value "0xAA".
Because you are passing in the key directly, there is no need for the MD5 parameter (to your function or into openssl).
If you wanted to using a password instead of a "hex string", then you need to hash it somehow into the key buffer. This is where the MD5 parameter comes in. You can use something like PBKDF2 (although I would use the openssl default SHA256 and not MD5 as the hashing function).
e.g. openssl enc -aes-256-cbc -pbkdf2 -k password
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
CHAR fileBuffer[1000];
uint8_t tmpArray[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
uint8_t tmpArray2] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
for (i = 0; i < sizeof(fileBuffer); i++)
{
printf("%02X ", (uint8_t)tmpArray[i]);
}
take string from the file and convert to a byte array as in tmpArray. The string in the file would be like,
5FE1908F5FA463A9F94B8B1EA460B70A7D946B144E6A5093965A882E7855931A
I did try to read this into two byte arrays like this
memmove(tmpArray, fileBuffer, 32 * sizeof(uint8_t));
memmove(tmpArray2,fileBuffer[32], 32 *sizeof(uint8_t));
it copied in ok to tmpArray first 16bytes but the next 16bytes got messed up in tmpArray2.
If you could help with either way it would be great
string from file, string as above and convert to uint8_t arrays. the two separate arrays should result after reading/converting
uint8_t tmpArray[] = { 0x5F, 0xE1, 0x90, 0x8F, 0x5F, 0xA4, 0x63, 0xA9, 0xF9, 0x4B, 0x8B, 0x1E, 0xA4, 0x60, 0xB7, 0x0A };
uint8_t tmpArray2[] = { 0x7D, 0x94, 0x6B, 0x14, 0x4E, 0x6A, 0x50, 0x93, 0x96, 0x5A, 0x88, 0x2E, 0x78, 0x55, 0x93, 0x1A };
Is that what you wanted? (to test give binary 01 combination as an first argument)
#include <stdio.h>
#include <stdint.h>
uint8_t charToBin(char c)
{
switch(c)
{
case '0': return 0;
case '1': return 1;
}
return 0;
}
uint8_t CstringToU8(const char * ptr)
{
uint8_t value = 0;
for(int i = 0; (ptr[i] != '\0') && (i<8); ++i)
{
value = (value<<1) | charToBin(ptr[i]);
}
return value;
}
int main(int argc,const char *argv[])
{
printf("%d\n",CstringToU8(argv[1]));
return 0;
}
You can use CstringToU8() to convert 8 characters to one u8 number. Read whole data to char array (e.g. char * text) and then convert 8 characters to u8 number, store it and move you pointer 8 bytes further until array won't end.
Because after edit question was changed so here is my new solution. Code reading hex numbers from file and storing it into array.
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
int main()
{
FILE * fp;
uint8_t number = 0;
size_t fileSize = 0;
uint8_t * array = NULL;
size_t readedBytes = 0;
size_t iterator = 0;
fp = fopen ("hexNumbers.txt", "r");
// check file size
fseek(fp, 0L, SEEK_END);
fileSize = ftell(fp);
fseek(fp, 0L, SEEK_SET);
/// allocate max possible array size = fileSize/2
array = malloc(fileSize/2 * sizeof(uint8_t));
/// read data into array
while(!feof(fp))
{
if (fscanf(fp,"%2hhx",&number) == 1)
{
array[readedBytes++] = number;
}
}
fclose(fp);
/// print array output
for (iterator=0; iterator<readedBytes; ++iterator)
{
printf("%02x ", array[iterator]);
}
free(array);
return 0;
}
I want to use a memory-saving AES-128 implementation. I found the implementation of Karl Malbrain.
I am using it with the code below:
void encryptUboot(void){
//uint8_t key[AES_KEY_LENGTH] = {0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99};
uint8_t key[AES_KEY_LENGTH] = {0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x21, 0x21};
uint8_t keyschedule[AES_KEY_LENGTH * AES_ROUNDS] = {0x00};
uint8_t message[5] = "test";
uint8_t cipher[16] = {0x00};
uint8_t i;
if(debug) printf("\n[D] Running AES-128 encryption\n");
aes_expand_key(key, keyschedule);
aes_encrypt(message, keyschedule, cipher);
printf("message: %s | cipher: ", message);
for(i = 0; i<AES_KEY_LENGTH; i++){
printf("%02x ", cipher[i]);
}
}
This outputs:
[D] Running AES-128 encryption
message: test | cipher: 2d 58 45 71 24 43 f5 cd 69 6d 07 b3 a3 29 de 8f
However, using the code from here (zip file) with the code below ...
// AES usage example
// compile as: gcc main.c aes.h aes.c
#include <stdlib.h>
#include "aes.h"
#include <stdio.h>
#include <string.h>
int main(int argc, char *argv[])
{
unsigned char key[KEY_128] = {0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x21, 0x21};
unsigned char ptext[16] = "test";
unsigned char ctext[16];
unsigned char decptext[16];
unsigned int i = 0;
aes_ctx_t *ctx;
init_aes();
ctx = aes_alloc_ctx(key, sizeof(key));
if(!ctx) {
perror("aes_alloc_ctx");
return EXIT_FAILURE;
}
aes_encrypt(ctx, ptext, ctext);
for(i=0;i<KEY_128;i++) printf("%02x ", ctext[i]);
puts("");
aes_decrypt(ctx, ctext, decptext);
puts(decptext);
aes_free_ctx(ctx);
return EXIT_SUCCESS;
}
.. it outputs a different cipher:
1f 53 3f 60 15 d5 ab 16 69 b6 c6 3b 9e 77 2f 0c
test
Do you see my mistake? Obviously, I am instrumenting these libraries in a wrong way.
Thanks,
-P
Although I couldn't find the exact function you use in Malbrains code, I believe your problem lies in the difference in array length for message. The algorithm encrypts blocks of 128 bit (16 bytes), but you only allocated 5 bytes.
uint8_t message[5] = "test";
vs
unsigned char ptext[16] = "test";
Try initialising it with exactly the same data.
uint8_t message[16];
memset(message, 0, sizeof(message));
memcpy(message, "test", 5);
I am playing around with OpenSSL EVP routines for decryption using AES 128 cbc mode.
I use the test vectors specified at the NIST site to test my program.
The program seems to fail at EVP_DecryptFinal_ex routine.
Can anybody please tell me what is the problem?
Also how do I do the error checking here to find out why this routine fails?
UPDATED:
Please check the code below. I have added the encrypt and decrypt part. Encrypt works. But during the decryption, although the results of both match, the hexvalue of the cipher seems 80 bytes as opposed to the expected 64 bytes(mentioned in NIST) although the decryption works and the decrypted text matches the plaintext!
Can somebody clarify?
The expected ciphertext value should be:
cipher: 0000 76 49 ab ac 81 19 b2 46 ce e9 8e 9b 12 e9 19 7d
0010 50 86 cb 9b 50 72 19 ee 95 db 11 3a 91 76 78 b2
0020 73 be d6 b8 e3 c1 74 3b 71 16 e6 9e 22 22 95 16
0030 3f f1 ca a1 68 1f ac 09 12 0e ca 30 75 86 e1 a7
here is the code:
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <openssl/evp.h>
int AES_BLOCK_SIZE;
int main(int argc, char **argv)
{
EVP_CIPHER_CTX en;
EVP_CIPHER_CTX de;
EVP_CIPHER_CTX_init(&en);
EVP_CIPHER_CTX_init(&de);
const EVP_CIPHER *cipher_type;
unsigned char *mode;
unsigned char *passkey, *passiv, *plaintxt;
int vector_len = 0;
char *plain;
char *plaintext;
unsigned char *ciphertext;
int olen, len;
int i =0;
//NIST VALUES TO CHECK
unsigned char iv[] =
{ 0x00, 0x01, 0x02, 0x03,
0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b,
0x0c, 0x0d, 0x0e, 0x0f, 0 };
unsigned char key[] =
{ 0x2b, 0x7e, 0x15, 0x16,
0x28, 0xae, 0xd2, 0xa6,
0xab, 0xf7, 0x15, 0x88,
0x09, 0xcf, 0x4f, 0x3c , 0 };
unsigned char input[] =
{ 0x6b, 0xc1, 0xbe, 0xe2,
0x2e, 0x40, 0x9f, 0x96,
0xe9, 0x3d, 0x7e, 0x11,
0x73, 0x93, 0x17, 0x2a,
0xae, 0x2d, 0x8a, 0x57,
0x1e, 0x03, 0xac, 0x9c,
0x9e, 0xb7, 0x6f, 0xac,
0x45, 0xaf, 0x8e, 0x51,
0x30, 0xc8, 0x1c, 0x46,
0xa3, 0x5c, 0xe4, 0x11,
0xe5, 0xfb, 0xc1, 0x19,
0x1a, 0x0a, 0x52, 0xef,
0xf6, 0x9f, 0x24, 0x45,
0xdf, 0x4f, 0x9b, 0x17,
0xad, 0x2b, 0x41, 0x7b,
0xe6, 0x6c, 0x37, 0x10, 0 };
printf("AES ALGORITHM FOR 128 bit CBC MODE\n");
cipher_type = EVP_aes_128_cbc();
AES_BLOCK_SIZE = 128;
passkey = key;
passiv = iv;
plain = input;
printf("iv=");
for(i = 0; i < sizeof iv; i++){
printf("%02x", iv[i]);
}
printf("\n");
printf("key=");
for(i = 0; i < sizeof key; i++){
printf("%02x", key[i]);
}
printf("\n");
printf("Initializing AES ALGORITHM FOR CBC MODE..\n");
EVP_EncryptInit_ex(&en, cipher_type, NULL, passkey, passiv);
EVP_DecryptInit_ex(&de, cipher_type, NULL, passkey, passiv);
olen = len = strlen(input)+1;
printf("len value before aes_encrypt \"%d\"\n", len);
int c_len = len + AES_BLOCK_SIZE - 1;
int f_len = 0;
ciphertext = (unsigned char *)malloc(c_len);
if(!EVP_EncryptInit_ex(&en, NULL, NULL, NULL, NULL)){
printf("ERROR in EVP_EncryptInit_ex \n");
return NULL;
}
if(!EVP_EncryptUpdate(&en, ciphertext, &c_len, plain, len)){
printf("ERROR in EVP_EncryptUpdate \n");
return NULL;
}
printf("strlen value of ciphertext after update \"%d\"\n", strlen(ciphertext));
if(!EVP_EncryptFinal_ex(&en, ciphertext+c_len, &f_len)){
printf("ERROR in EVP_EncryptFinal_ex \n");
return NULL;
}
printf("strlen value of ciphertext after final \"%d\"\n", strlen(ciphertext));
EVP_CIPHER_CTX_cleanup(&en);
len = c_len + f_len;
printf("len value after aes_encrypt \"%d\"\n", len);
len = strlen(ciphertext);
printf("strlen value of ciphertext after aes_encrypt \"%d\"\n", len);
int p_len = len;
f_len = 0;
plaintext = (unsigned char *)malloc(p_len);
//memset(plaintext,0,sizeof(plaintext));
if(!EVP_DecryptInit_ex(&de, NULL, NULL, NULL, NULL)){
printf("ERROR in EVP_DecryptInit_ex \n");
return NULL;
}
EVP_CIPHER_CTX_set_padding(&de, 0);
if(!EVP_DecryptUpdate(&de, plaintext, &p_len, ciphertext, len)){
printf("ERROR in EVP_DecryptUpdate\n");
return NULL;
}
if(!EVP_DecryptFinal_ex(&de, plaintext+p_len, &f_len)){
printf("ERROR in EVP_DecryptFinal_ex\n");
return NULL;
}
EVP_CIPHER_CTX_cleanup(&de);
len = p_len + f_len;
printf("Decrypted value = %s\n", plaintext);
printf("len value after aes_decrypt \"%d\"\n", len);
if (strncmp(plaintext, input, olen))
printf("FAIL: enc/dec failed for \"%s\"\n", input);
else
printf("OK: enc/dec ok for \"%s\"\n", plaintext); // \"%s\"\n
printf("OK: ciphertext is \"%s\"\n", ciphertext); // \"%s\"\n
printf("\n");
unsigned char *s3 = ciphertext;
printf("s3 =\n");
int nc = 0;
while(*s3 != '\0'){
printf("%02x", *s3);
s3++;
nc ++;
if(nc == 16){
printf("\n");
nc = 0;
}
}
printf("\n");
//printf("nc = %d\n", nc);
free(ciphertext);
free(plaintext);
return 0;
}
Just like you need to match the key and IV when you encrypt and decrypt, you also need to match the padding setting. The NIST tests are not padded. Here's an excerpt from the OpenSSL documentation:
EVP_DecryptInit_ex(),
EVP_DecryptUpdate() and
EVP_DecryptFinal_ex() are the
corresponding decryption operations.
EVP_DecryptFinal() will return an
error code if padding is enabled and
the final block is not correctly
formatted. The parameters and
restrictions are identical to the
encryption operations except that if
padding is enabled the decrypted data
buffer out passed to
EVP_DecryptUpdate() should have
sufficient room for (inl +
cipher_block_size) bytes unless the
cipher block size is 1 in which case
inl bytes is sufficient.
Searching that same page for "padding", you'll see the function EVP_CIPHER_CTX_set_padding:
EVP_CIPHER_CTX_set_padding() enables
or disables padding. By default
encryption operations are padded using
standard block padding and the padding
is checked and removed when
decrypting. If the pad parameter is
zero then no padding is performed, the
total amount of data encrypted or
decrypted must then be a multiple of
the block size or an error will occur.
So at some point after you call EVP_CIPHER_CTX_init and before you start decrypting, you need to do this:
EVP_CIPHER_CTX_set_padding(&de, 0);
To show the errors after an OpenSSL function fails, you can use:
ERR_print_errors_fp(stderr);
I had the same problem with EVP_DecryptFinal_ex routine. I've found out that you won't get the lenght of ciphertext by strlen(ciphertext) because the function strlen() returns the length of C string.
Ciphertext after encryption can contain '\0' characters which are considered end of C string, so you won't get the right length of ciphertext with function strlen().
Instead you should remember the length of ciphertext after encrypting. In your program you do it with c_len and f_len:
if(!EVP_EncryptUpdate(&en, ciphertext, &c_len, plain, len)){
printf("ERROR in EVP_EncryptUpdate \n");
return NULL;
}//Here you get length of ciphertext in c_len
printf("strlen value of ciphertext after update \"%d\"\n", strlen(ciphertext));
if(!EVP_EncryptFinal_ex(&en, ciphertext+c_len, &f_len)){
printf("ERROR in EVP_EncryptFinal_ex \n");
return NULL;
}//Here you get the rest of padded ciphertext in f_len
//This printf won't print out the real lengt of ciphertext you should put in (c_len+f_len)
printf("strlen value of ciphertext after final \"%d\"\n", strlen(ciphertext));
EVP_CIPHER_CTX_cleanup(&en);
len = c_len + f_len;//This is the real length of ciphertext
printf("len value after aes_encrypt \"%d\"\n", len);
len = strlen(ciphertext);//And here you rewrite it, delete this line and you should get it right
Another thing, when you what to print out cipher text don't use:
printf("OK: ciphertext is \"%s\"\n", ciphertext);
"%s" is also considered as C string and can print out just part of the whole ciphertext. Use instead:
int i = 0;
printf("\nCiphertext:");
for(i = 0; i < len; i++)//variable len is length of ciphertext memorized after encryption.
{printf("%c",ciphertext[i]);}