Hi,
I test AES CBC mode with below test case(from RFC 3602 section 4). I meet some
questions which are strange for me.
(I use openssl-0.9.8g, under WidowsXP, VC6++),
1 EVP_EncryptFinal_ex() shall be called after calling EVP_EncryptUpdate(), or
not if the block is just 16 bytes long
2 when I decrypt the ciphertest from the test case , why failed
from RFC 3602 section 4:
Case #1: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Key : 0x06a9214036b8a15b512e03d534120006
IV : 0x3dafba429d9eb430b422da802c9fac41
Plaintext : "Single block msg"
Ciphertext: 0xe353779c1079aeb82708942dbe77181a
below is my test progarm
unsigned char *EncryptTest(unsigned char *in, int inl, unsigned char *key,
unsigned char *iv, int *outl)
{
EVP_CIPHER_CTX ctx;
int ret;
EVP_CIPHER_CTX_init(&ctx);
ret = EVP_CIPHER_CTX_set_padding(&ctx, 0); //0 for no padding, 1 for padding
if(!ret) abort();
ret = EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), 0, key, iv);
if(!ret) abort();
cout<<"EVP_CIPHER_CTX_block_size: "<<EVP_CIPHER_CTX_block_size(&ctx)<<endl;
// 16
cout<<"EVP_CIPHER_CTX_key_length: "<<EVP_CIPHER_CTX_key_length(&ctx)<<endl;
// 16
cout<<"EVP_CIPHER_CTX_iv_length: "<<EVP_CIPHER_CTX_iv_length(&ctx)<<endl;
// 16
unsigned char *out=0;
*outl=0;
out = (unsigned char *)malloc(inl + EVP_CIPHER_CTX_block_size(&ctx));
int len=0;
ret = EVP_EncryptUpdate(&ctx, out, outl, in, inl);
if(!ret) abort();
len += *outl;
// code here will lead to return 32 bytes long
// without below code, the result is right, I get right ciphertext as test
case. Why????????????????????????
/*
ret = EVP_EncryptFinal_ex(&ctx, out+len, outl);
if(!ret) abort();
len += *outl;
*outl = len;
*/
return out;
}
The decrypt program:
unsigned char *DecryptTest(unsigned char *in, int inl, unsigned char *key,
unsigned char *iv, int * outl)
{
int ret;
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
ret = EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), 0, key, iv);
if(!ret) abort();
cout<<"EVP_CIPHER_CTX_block_size: "<<EVP_CIPHER_CTX_block_size(&ctx)<<endl;
// 16
cout<<"EVP_CIPHER_CTX_key_length: "<<EVP_CIPHER_CTX_key_length(&ctx)<<endl;
// 16
cout<<"EVP_CIPHER_CTX_iv_length: "<<EVP_CIPHER_CTX_iv_length(&ctx)<<endl;
// 16 here
unsigned char *out=0;
*outl=0;
out = (unsigned char *)malloc(inl + EVP_CIPHER_CTX_block_size(&ctx)+1);
int len=0;
ret = EVP_DecryptUpdate(&ctx, out, outl, in, inl ); // inl=16 here, if I
set inl>16, I can get right result, why ????????????????????
if(!ret) abort();
len += *outl; // *outl = 0 here, why?????????????????????????????????
ret = EVP_DecryptFinal_ex(&ctx, out, outl);
if(!ret) abort(); // !!! abort here, why
??????????????????????????????????????
len += *outl;
ret = EVP_CIPHER_CTX_cleanup(&ctx);
if(!ret) abort();
*outl = len;
return out;
}
The main :
int i;
unsigned char key[]={
0x06,0xa9,0x21,0x40,
0x36,0xb8,0xa1,0x5b,
0x51,0x2e,0x03,0xd5,
0x34,0x12,0x00,06
};
unsigned char iv[]={
0x3d,0xaf,0xba,0x42,
0x9d,0x9e,0xb4,0x30,
0xb4,0x22,0xda,0x80,
0x2c,0x9f,0xac,0x41
};
char Plaintext[]="Single block msg";
unsigned char Ciphertext[]={
0xe3,0x53,0x77,0x9c,
0x10,0x79,0xae,0xb8,
0x27,0x08,0x94,0x2d,
0xbe,0x77,0x18,0x1a
};
unsigned char *out;
int outl;
out = EncryptTest((unsigned char*)Plaintext, sizeof(Plaintext), key,iv,
&outl);
printf("Ciphertext: ");
for(i=0; i<outl; i++)
printf("%.2x",out[i]);
printf("\n");
unsigned char *out2;
int outl2;
out2 = DecryptTest(Ciphertext, sizeof(Ciphertext), key,iv, &outl2);
free(out);
free(out2);
bian
___________________________________________________________
天生购物狂,狂抢购物券,你还等什么!
http://cn.mail.yahoo.com/promo/taobao20/index.php
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
