Re: EVP_aes_256_xts() problems with multiple calls to EVP_CipherUpdate

2019-09-30 Thread Thulasi Goriparthi 
Agree that XTS specific deviation should have been documented similar to
some of the AEAD ciphers with EVP interface.

Thanks,
Thulasi.

On Tue, 1 Oct 2019 at 08:46, Norm Green 
wrote:

> Could be, but that's not how EVP_CipherUpdate is documented to work.  If
> this is an XTS mode limitation and not a bug, shouldn't the limitation be
> documented on a man page somewhere?  And shouldn't my second call to
> EVP_CipherUpdate fail?
>
> Norm Green
>
>
> On 9/30/2019 8:04 PM, Thulasi Goriparthi wrote:
>
> As 512 byte blocks are independently encrypted, they should be decrypted
> similarly. This is how XTS mode is defined.
> i.e Try to decrypt 512 byte blocks separately with two CipherUpdates.
>
> Thanks,
> Thulasi.
>
> On Tue, 1 Oct 2019 at 06:43, Norm Green 
> wrote:
>
>> Hi all,
>>
>> I'm using OpenSSL 1.1.1d on Linux with the cipher EVP_aes_256_xts() in
>> order to write database/disk encryption software.
>>
>> When encrypting, I have problems if I call EVP_CipherUpdate() and
>> encrypt the data in chunks. Encrypting only works when I encrypt the
>> entire payload with one and only one call to EVP_CipherUpdate.
>>
>> If I try to break the data into chunks (and make more than one call to
>> EVP_CipherUpdate), then decrypting the data produces garbage after the
>> first chunk that was encrypted
>> When decrypting, I always decrypt all data in one call to
>> EVP_CipherUpdate .
>>
>> For example, when encrypting 1024 bytes, this pseudo-code sequence works:
>>
>> char payload[1024];
>> char encrypted[1024];
>> int destSize = sizeof(encrypted);
>> EVP_CipherInit_ex();
>> EVP_CipherUpdate(ctx, encrypted, , payload, sizeof(payload));
>> EVP_CipherFinal(); (produces no additional data)
>>
>> However if I break the 1024 payload into 2 x 512 byte chunks, decrypting
>> the entire 1024 bytes of cipher text produces garbage every time:
>>
>> char payload[1024];
>> char encrypted[1024];
>> int destSize = sizeof(encrypted);
>> EVP_CipherInit_ex();
>> EVP_CipherUpdate(ctx, encrypted, , payload, 512); // first chunk
>> destSize -= 512;
>> EVP_CipherUpdate(ctx, [512], , [512], 512);
>> // second chunk
>> EVP_CipherFinal(); (produces no additional data)
>>
>> I have a short C program that demonstrates the problem that I can post
>> if necessary.
>>
>> Can anyone explain what's going on?
>>
>> Norm Green
>> CTO, GemTalk Systems Inc.
>>
>
>

Re: EVP_aes_256_xts() problems with multiple calls to EVP_CipherUpdate

2019-09-30 Thread Norm Green 
Could be, but that's not how EVP_CipherUpdate is documented to work.  If 
this is an XTS mode limitation and not a bug, shouldn't the limitation 
be documented on a man page somewhere?  And shouldn't my second call to 
EVP_CipherUpdate fail?


Norm Green


On 9/30/2019 8:04 PM, Thulasi Goriparthi wrote:
As 512 byte blocks are independently encrypted, they should be 
decrypted similarly. This is how XTS mode is defined.

i.e Try to decrypt 512 byte blocks separately with two CipherUpdates.

Thanks,
Thulasi.

On Tue, 1 Oct 2019 at 06:43, Norm Green > wrote:


Hi all,

I'm using OpenSSL 1.1.1d on Linux with the cipher
EVP_aes_256_xts() in
order to write database/disk encryption software.

When encrypting, I have problems if I call EVP_CipherUpdate() and
encrypt the data in chunks. Encrypting only works when I encrypt the
entire payload with one and only one call to EVP_CipherUpdate.

If I try to break the data into chunks (and make more than one
call to
EVP_CipherUpdate), then decrypting the data produces garbage after
the
first chunk that was encrypted
When decrypting, I always decrypt all data in one call to
EVP_CipherUpdate .

For example, when encrypting 1024 bytes, this pseudo-code sequence
works:

char payload[1024];
char encrypted[1024];
int destSize = sizeof(encrypted);
EVP_CipherInit_ex();
EVP_CipherUpdate(ctx, encrypted, , payload, sizeof(payload));
EVP_CipherFinal(); (produces no additional data)

However if I break the 1024 payload into 2 x 512 byte chunks,
decrypting
the entire 1024 bytes of cipher text produces garbage every time:

char payload[1024];
char encrypted[1024];
int destSize = sizeof(encrypted);
EVP_CipherInit_ex();
EVP_CipherUpdate(ctx, encrypted, , payload, 512); //
first chunk
destSize -= 512;
EVP_CipherUpdate(ctx, [512], , [512],
512);
// second chunk
EVP_CipherFinal(); (produces no additional data)

I have a short C program that demonstrates the problem that I can
post
if necessary.

Can anyone explain what's going on?

Norm Green
CTO, GemTalk Systems Inc.

Re: EVP_aes_256_xts() problems with multiple calls to EVP_CipherUpdate

2019-09-30 Thread Thulasi Goriparthi 
As 512 byte blocks are independently encrypted, they should be decrypted
similarly. This is how XTS mode is defined.
i.e Try to decrypt 512 byte blocks separately with two CipherUpdates.

Thanks,
Thulasi.

On Tue, 1 Oct 2019 at 06:43, Norm Green 
wrote:

> Hi all,
>
> I'm using OpenSSL 1.1.1d on Linux with the cipher EVP_aes_256_xts() in
> order to write database/disk encryption software.
>
> When encrypting, I have problems if I call EVP_CipherUpdate() and
> encrypt the data in chunks. Encrypting only works when I encrypt the
> entire payload with one and only one call to EVP_CipherUpdate.
>
> If I try to break the data into chunks (and make more than one call to
> EVP_CipherUpdate), then decrypting the data produces garbage after the
> first chunk that was encrypted
> When decrypting, I always decrypt all data in one call to EVP_CipherUpdate
> .
>
> For example, when encrypting 1024 bytes, this pseudo-code sequence works:
>
> char payload[1024];
> char encrypted[1024];
> int destSize = sizeof(encrypted);
> EVP_CipherInit_ex();
> EVP_CipherUpdate(ctx, encrypted, , payload, sizeof(payload));
> EVP_CipherFinal(); (produces no additional data)
>
> However if I break the 1024 payload into 2 x 512 byte chunks, decrypting
> the entire 1024 bytes of cipher text produces garbage every time:
>
> char payload[1024];
> char encrypted[1024];
> int destSize = sizeof(encrypted);
> EVP_CipherInit_ex();
> EVP_CipherUpdate(ctx, encrypted, , payload, 512); // first chunk
> destSize -= 512;
> EVP_CipherUpdate(ctx, [512], , [512], 512);
> // second chunk
> EVP_CipherFinal(); (produces no additional data)
>
> I have a short C program that demonstrates the problem that I can post
> if necessary.
>
> Can anyone explain what's going on?
>
> Norm Green
> CTO, GemTalk Systems Inc.
>

EVP_aes_256_xts() problems with multiple calls to EVP_CipherUpdate

2019-09-30 Thread Norm Green 

Hi all,

I'm using OpenSSL 1.1.1d on Linux with the cipher EVP_aes_256_xts() in 
order to write database/disk encryption software.


When encrypting, I have problems if I call EVP_CipherUpdate() and 
encrypt the data in chunks. Encrypting only works when I encrypt the 
entire payload with one and only one call to EVP_CipherUpdate.


If I try to break the data into chunks (and make more than one call to 
EVP_CipherUpdate), then decrypting the data produces garbage after the 
first chunk that was encrypted

When decrypting, I always decrypt all data in one call to EVP_CipherUpdate .

For example, when encrypting 1024 bytes, this pseudo-code sequence works:

char payload[1024];
char encrypted[1024];
int destSize = sizeof(encrypted);
EVP_CipherInit_ex();
EVP_CipherUpdate(ctx, encrypted, , payload, sizeof(payload));
EVP_CipherFinal(); (produces no additional data)

However if I break the 1024 payload into 2 x 512 byte chunks, decrypting 
the entire 1024 bytes of cipher text produces garbage every time:


char payload[1024];
char encrypted[1024];
int destSize = sizeof(encrypted);
EVP_CipherInit_ex();
EVP_CipherUpdate(ctx, encrypted, , payload, 512); // first chunk
destSize -= 512;
EVP_CipherUpdate(ctx, [512], , [512], 512); 
// second chunk

EVP_CipherFinal(); (produces no additional data)

I have a short C program that demonstrates the problem that I can post 
if necessary.


Can anyone explain what's going on?

Norm Green
CTO, GemTalk Systems Inc.