
I'm testing some AES implementation in C, got it from here, compiled it and tested it, encrypting and decrypting works fine for each other.

The site says:

> This implementation encrypts 128-bit blocks.

And also:

> These programs should be used only for demonstration purposes, because the use of a password as a key gives an effective key length much shorter than the 256-bit key passed to the Rijndael encryption package.

So, I'm trying to test them and interact with openssl, so if I encrypt anything with the compiled code I got, it can be decrypted with openssl or vice versa.

I've tried with `openssl aes-128-cbc -in attack-plan.txt -out message.enc` for encrypting and `openssl aes-128-cbc -d -in message.enc -out plain-text.txt` for decrypting, methods which I actually got from here. Also tried with 128-ecb but not getting results.

When I try to decrypt with openssl a file encrypted with the compiled code, and I input the password, it gives me the bad magic number error. When I try to decrypt an openssl encrypted file with my compiled code I'm not getting a right decrypted output.

I really need to get any implementation of AES in C, and prove it against openssl and get it working well together.

diegoaguilar
  • it's not really clear exactly what your question is that you want help with. – xaxxon Jul 07 '13 at 23:26
  • I need to know if it's possible to test openssl and the implementation I downloaded and compiled together – diegoaguilar Jul 07 '13 at 23:30
  • it looks like the C code is using ECB and does no padding. so try encrypting a message (a multiple) of 16 bytes followed by 16 bytes of value 16 (pkcs#7 padding). or use a message (a multiple) of 16 bytes and `--nopad` in openssl (more likely to work). also, use -ecb-128 or whatever it's called. – andrew cooke Jul 08 '13 at 00:46
  • OpenSSL has its own ways of deriving keys from passwords. Owlstead tends to remember the finer details, hopefully he/she will be along shortly to post. In the meantime, try printing the key in the C code and passing that to openssl directly (using the `-K` argument). That will rule out any password shenanigans and would be a useful test. – Duncan Jones Jul 08 '13 at 07:55
  • Thanks @DuncanJones, you should actually give it as response. It clears out. You might be the *right answer* – diegoaguilar Jul 08 '13 at 14:41
  • It might be a solution. Did you try what I suggested and did it work? – Duncan Jones Jul 08 '13 at 14:48
  • @DuncanJones Although I'm along now, I've got little time to convert the proprietary OpenSSL key derivation method to C. Note that since OpenSSL is in C you could just copy `EVP_BytesToKey`. If you just enter a password instead of using `-K [hexkey]` then it certainly *will* be used. Oh, and I'm male :P – Maarten Bodewes Jul 08 '13 at 18:28
  • Oh, and the OpenSSL routines add/expect a proprietary header to store the salt value and some magics too if the key derivation method is being used. – Maarten Bodewes Jul 08 '13 at 18:33
  • So, @owlstead, in conclusion, it's quite *impossible* to make openssl and my code work together? – diegoaguilar Jul 08 '13 at 18:59
  • Of course not. The OpenSSL code is available and key derivation functions are not *that* hard to implement; it's just that you have to create a compatible library. Please see my answer [here](http://stackoverflow.com/questions/12219499/whats-wrong-with-nodejs-crypto-decipher) and [here](http://stackoverflow.com/questions/11783062/how-to-decrypt-an-encrypted-file-in-java-with-openssl-with-aes). – Maarten Bodewes Jul 08 '13 at 19:13
  • Thanks, I just really don't have time to implement anything. My *task* is to get any C implemented code and study it, then testing it with openssl. I was thinking about downloading the code from openssl and compiling it then ... – diegoaguilar Jul 08 '13 at 19:16
  • Going for the -K hexkey as Duncan proposed would be the quickest way. – Maarten Bodewes Jul 09 '13 at 08:58
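
An added example, not part of the original thread or of either code base: the `Salted__` header check and the `EVP_BytesToKey` derivation the comments describe, written in Python for brevity, producing the hex key and IV that `-K` and `-iv` take. It assumes the 8-byte magic plus 8-byte salt layout and MD5 with one iteration, which was the `openssl enc` default digest at the time (OpenSSL 1.1.0 and later default to SHA-256, so pass `md="sha256"` or match `-md`); the function names and sample bytes are constructed for illustration.

```python
import hashlib

MAGIC = b"Salted__"  # 8-byte marker openssl enc writes before the salt


def split_openssl_blob(blob):
    """Return (salt, ciphertext) from a password-encrypted openssl enc file."""
    if blob[:8] != MAGIC:
        # The condition openssl reports as "bad magic number": the file is raw
        # ciphertext (e.g. output of a standalone AES program), not its format.
        raise ValueError("bad magic number: no Salted__ header")
    if len(blob) < 16:
        raise ValueError("truncated header: salt missing")
    return blob[8:16], blob[16:]


def evp_bytes_to_key(password, salt, key_len, iv_len, md="md5"):
    """EVP_BytesToKey with count=1: D_i = H(D_{i-1} || password || salt)."""
    out, block = b"", b""
    while len(out) < key_len + iv_len:
        block = hashlib.new(md, block + password + salt).digest()
        out += block
    return out[:key_len], out[key_len:key_len + iv_len]


def key_iv_for_file(blob, password, key_len=16, iv_len=16, md="md5"):
    """Derive the key and IV openssl would use for this file and password."""
    salt, ciphertext = split_openssl_blob(blob)
    key, iv = evp_bytes_to_key(password, salt, key_len, iv_len, md)
    return key, iv, ciphertext


if __name__ == "__main__":
    # Constructed sample: header, constructed salt, one block of placeholder data.
    sample = MAGIC + bytes.fromhex("0102030405060708") + bytes(16)
    key, iv, _ = key_iv_for_file(sample, b"secret")
    print("-K", key.hex(), "-iv", iv.hex())
    try:
        split_openssl_blob(bytes(32))  # headerless input, as a raw AES tool emits
    except ValueError as exc:
        print(exc)
```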
