using AES encryption


using AES encryption

Julien ALLANOS
Hello, I want to use AES encryption in my C application, but I am missing
documentation. I only have openssl/aes.h but there isn't any manpage. Can
someone point me to any how-to or source code? Thanks for your help.
--
Julien ALLANOS
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: using AES encryption

Nils Larsch
Julien ALLANOS wrote:
> Hello, I want to use AES encryption in my C application, but I am missing
> documentation. I only have openssl/aes.h but there isn't any manpage. Can
> someone point me to any how-to or source code? Thanks for your help.

consider using the EVP_Cipher* etc. functions (see EVP_CipherInit_ex
manpage)

Nils

Re: using AES encryption

Julien ALLANOS
Quoting Nils Larsch <[hidden email]>:

> Julien ALLANOS wrote:
>> Hello, I want to use AES encryption in my C application, but I am missing
>> documentation. I only have openssl/aes.h but there isn't any manpage. Can
>> someone point me to any how-to or source code? Thanks for your help.
>
> consider using the EVP_Cipher* etc. functions (see EVP_CipherInit_ex
> manpage)
>
> Nils

Thanks Nils. This manpage shows a great example of an encryption/decryption
function using this high-level API. However, I have a last question: is there
any limit on the input buffer size for EVP_CipherUpdate()? I see in the example
that you're using 1024 bytes buffers inside a for loop. In my application, most
of the buffers I'm encrypting using AES-192 are <1024 bytes, but there might be
cases where a buffer has a greater size (not so much though). I'm wondering if
calling EVP_CipherUpdate() only once would be generic enough to handle these
situations, or if I should use a for loop as you did. Thanks for any help.
--
Julien ALLANOS

Re: using AES encryption

Julien ALLANOS
Quoting Julien ALLANOS <[hidden email]>:

> Quoting Nils Larsch <[hidden email]>:
>
>> Julien ALLANOS wrote:
>>> Hello, I want to use AES encryption in my C application, but I am missing
>>> documentation. I only have openssl/aes.h but there isn't any manpage. Can
>>> someone point me to any how-to or source code? Thanks for your help.
>>
>> consider using the EVP_Cipher* etc. functions (see EVP_CipherInit_ex
>> manpage)
>>
>> Nils
>
> Thanks Nils. This manpage shows a great example of an encryption/decryption
> function using this high-level API. However, I have a last question: is there
> any limit on the input buffer size for EVP_CipherUpdate()? I see in the example
> that you're using 1024 bytes buffers inside a for loop. In my application, most
> of the buffers I'm encrypting using AES-192 are <1024 bytes, but there might be
> cases where a buffer has a greater size (not so much though). I'm wondering if
> calling EVP_CipherUpdate() only once would be generic enough to handle these
> situations, or if I should use a for loop as you did. Thanks for any help.

Actually, I have tested the following:

    EVP_CIPHER_CTX_init(&ctx);
    EVP_CipherInit_ex(&ctx, EVP_aes_192_ecb(), NULL, key->data, NULL, 1);

    if (!EVP_CipherUpdate(&ctx, ciphertext->data, (int *) &ciphertext->length,
        plaintext->data, (int) plaintext->length))
    {
        EVP_CIPHER_CTX_cleanup(&ctx);
        return NULL;
    }

    if (!EVP_CipherFinal_ex(&ctx, ciphertext->data,
                            (int *) &ciphertext->length))
    {
        EVP_CIPHER_CTX_cleanup(&ctx);
        return NULL;
    }

    EVP_CIPHER_CTX_cleanup(&ctx);

Here, key, plaintext and ciphertext are structs with an unsigned char * 'data'
field and a size_t 'length' field. plaintext->length is 59 (in bytes), so I
have allocated 59 + 16 bytes for ciphertext->data before the snippet of code
above. But after encryption, ciphertext->length is only 16 bytes long! Do I
have to call EVP_CipherUpdate multiple times (and manage an offset for both
plaintext and ciphertext) to encrypt the entire incoming data? If so, what's
the purpose of the inl parameter if only a block length (16 bytes for AES) is
read per call? Thanks for any enlightenment.
--
Julien ALLANOS

Re: using AES encryption

Nils Larsch
Julien ALLANOS wrote:
...

> Actually, I have tested the following:
>
>    EVP_CIPHER_CTX_init(&ctx);
>    EVP_CipherInit_ex(&ctx, EVP_aes_192_ecb(), NULL, key->data, NULL, 1);
>
>    if (!EVP_CipherUpdate(&ctx, ciphertext->data, (int *) &ciphertext->length,
>        plaintext->data, (int) plaintext->length))
>    {
>        EVP_CIPHER_CTX_cleanup(&ctx);
>        return NULL;
>    }
>
>    if (!EVP_CipherFinal_ex(&ctx, ciphertext->data,
>                            (int *) &ciphertext->length))

here you overwrite the previously set length and data. Have a look
at the do_crypt example in the EVP_EncryptInit manpage.

Nils

Re: using AES encryption

Julien ALLANOS
Quoting Nils Larsch <[hidden email]>:

> Julien ALLANOS wrote:
> ...
>> Actually, I have tested the following:
>>
>>    EVP_CIPHER_CTX_init(&ctx);
>>    EVP_CipherInit_ex(&ctx, EVP_aes_192_ecb(), NULL, key->data, NULL, 1);
>>
>>    if (!EVP_CipherUpdate(&ctx, ciphertext->data, (int *)&ciphertext->length,
>>        plaintext->data, (int) plaintext->length))
>>    {
>>        EVP_CIPHER_CTX_cleanup(&ctx);
>>        return NULL;
>>    }
>>
>>    if (!EVP_CipherFinal_ex(&ctx, ciphertext->data,
>>                            (int *) &ciphertext->length))
>
> here you overwrite the previously set length and data. Have a look
> at the do_crypt example in the EVP_EncryptInit manpage.
>
> Nils

Fine, it is working well now. Thanks for your help. Can I just assume that:

1/ AES_BLOCK_LENGTH = 16 ?

2/ output buffer size = input buffer size + AES_BLOCK_LENGTH for
EVP_CipherUpdate()?

3/ output buffer size = AES_BLOCK_LENGTH for EVP_CipherFinal_ex()?
--
Julien ALLANOS