How to define EVP_EncryptUpdate and EVP_EncryptFinal functions for an AES engine? (and a separate question re: padding)

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

How to define EVP_EncryptUpdate and EVP_EncryptFinal functions for an AES engine? (and a separate question re: padding)

Brett R. Nicholas

Hi there,

I'm building a dynamic engine to support a custom AES hardware module that I've implemented in FPGA logic**, but after reading all available documentation, and pouring over the source code, I'm still very confused about the following two things.....

  1. How and where I should define the
    EVP_[En/De]cryptInit_ex(..),    EVP_[En/De]cryptUpdate(..), and EVP_[En/De]cryptFinal_ex(..)
    functions in my Engine code?

Prior to this, I successfully built an engine for my sha256 accelerator, and now I'm trying to follow the same steps for AES. For sha256, the EVP_MD structure allowed me to declare pointers to my init, update, and final functions. This all worked flawlessly.

Now, when I'm building the AES engine, I see that the EVP_CIPHER structure does not have these pointers (init, update, final), but instead has a pointer to init_key and do_cipher functions. However, the EVP encryption interface still has these functions defined.

AFAIK (and please correct me if this is wrong)  my init_key function is invoked by the EVP interface when I call the EVP_[En/De]cryptInit_ex function, and the do_cipher function is called upon EVP_[En/De]cryptUpdate. But how should I handle the EVP_[En/De]cryptFinal functions? Should I not be implementing them in my engine? Or am I missing something here....

2. Does the EVP interface handle padding when a dynamic engine is involved? Or is it up to me to implement a padding structure within the engine itself? If the latter is the case, then I think the answer to the previous questions will help me figure out exactly where to implement it. 


So to recap, two questions:
  1. How can I explicitly define which operations in my engine happen when the EVP_[En/De]cryptInit_ex(..),    EVP_[En/De]cryptUpdate(..), and EVP_[En/De]cryptFinal_ex(..) functions are called from a driver program?
  2. Does my engine need to handle padding the input data upon encryption, and stripping the padding when decrypting? Or does the EVP API handle the padding for me, and I only need to worry about the core AES algorithm on the arbitrary input data? (for reference, I'd like to just use standard PKCS padding)
Thanks in advance,

- Brett

 
** I'm using the Xilinx Zynq SoC, so I can create custom hardware in the programmable logic, and then interact with it from software running on the processor through the memory map, just like any peripheral....details irrelevant


--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: How to define EVP_EncryptUpdate and EVP_EncryptFinal functions for an AES engine? (and a separate question re: padding)

Dr. Stephen Henson
On Mon, Jun 26, 2017, Brett R. Nicholas wrote:

> AFAIK (and please correct me if this is wrong)  my init_key function is invoked by the EVP interface when I call the EVP_[En/De]cryptInit_ex function, and the do_cipher function is called upon EVP_[En/De]cryptUpdate. But how should I handle the EVP_[En/De]cryptFinal functions? Should I not be implementing them in my engine? Or am I missing something here....
>

The do_cipher function is normally the low level block cipher function: it
gets handed a multiple of the block size to encrypt/decrypt. The higher level
EVP_EncryptUpdate and EVP_EncryptFinal functions perform padding and buffering
internally and call the do_cipher function to encrypt a multiple of the block
size.

I saw "normally" because it is possible to specify the flag
EVP_CIPH_FLAG_CUSTOM_CIPHER in the EVP_CIPHER structure and handle padding
internally.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Loading...