1

I am trying to build a program that takes in a file (an EXE of arbitrary size), encrypts it and copies it to a structure. Then decrypt it later and make sure it is the same for use.

I am having a hard time encrypting then decrypting the file. It seems to not be encrypting properly and I do not know how to test it.

Here are my questions:

  1. What am I doing wrong here?
  2. Is there a better library to encrypt using AES? Or shall I stick with OpenSSL?
  3. Let's say I wanted to use another key, say "HelloWorld". Can I just use that string and use it as an argument for the encryption algorithm? Do I have to set the correct bit length of the key? If so, how?

Code:

struct structData{
    unsigned char * FileBuffer;
    unsigned long FileSize;
    //More stuff in here
};

struct Data sData;


/*
 I load the data here, and fill in the data etc
*/
unsigned char Key[]={ //128bit key
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
    0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
};

unsigned char *enc_data = malloc(sData->FileSize);//Temporary holder for the File

AES_KEY enc_key;
AES_set_encrypt_key(Key,128,&enc_key);//Put key defined here
AES_encrypt(sData->FileBuffer,enc_data,&enc_key);
sData->FileBuffer = enc_data;//This should move the stuff over
//Should be encrypted here
sData->FileBuffer = enc_data;//Copy the output to the file buffer
free(enc_data);//Free memory

AES_KEY dec_key;
AES_set_decrypt_key(Key, 128,&dec_key);
AES_decrypt(sData->FileBuffer,dec_data,&dec_key);
sData->FileBuffer = dec_data;

free(dec_data);

Anything would help, hopefully I am heading in the right direction, my C skills are a bit rusty.

jww
Kevin
  • Is this actually the code you are using? Because you free(enc_data) and try to decrypt it afterwards. You should allocate a new chunk of memory for pFileBuffer and use memcpy() to copy the contents of enc_data. Note: sData->pFileBuffer = enc_data; does not copy anything, it just sets pFileBuffer to point to the same location as enc_data. – robin.koch Jul 04 '14 at 15:55
  • it can't be the code he's using. There is no `pFileBuffer` member of that structure. – WhozCraig Jul 04 '14 at 15:56
  • It is not the code I am using, I renamed some of the variables, I will fix it in edit. – Kevin Jul 04 '14 at 15:59
  • You do not need a temp buffer larger than the block size of the algorithm, which is 16 bytes (128 bits). The memory leak aside, this code will only encrypt **one** block (16 bytes). In short, you need to be more familiar with how block ciphers work. (Still trying to understand why you specified a 192-bit key, but you hard-hand-coded the length to 128, so it's not really an issue). – WhozCraig Jul 04 '14 at 16:12
  • @robin.koch Ah ok. This is what I was figuring, thanks! and WhozCraig, I see I incorrectly specified the Key length. So the proper way to do this is to loop this function until eof? – Kevin Jul 04 '14 at 17:04
  • This may be a good starting point to deal with AES : http://stackoverflow.com/questions/20039066/aes-ctr128-encrypt-string-and-vice-versa-ansi-c – francis Jul 04 '14 at 20:45

2 Answers

4

> What am I doing wrong here?

Well, that's a bit too open ended to answer thoroughly.

Starting with the obvious, you are using low-level AES_* interfaces and operating AES in ECB mode. You are not deriving your key. And you are hard coding a key.

It also looks like you have memory management problems. You don't appear to use FileSize anywhere.


> Is there a better library to encrypt using AES?

If you are going to use OpenSSL, then you should probably use the EVP_* interfaces and use an authenticated encryption mode like GCM. With GCM mode, you get confidentiality and authenticity. See EVP Authenticated Encryption and Decryption on the OpenSSL wiki.


> Let's say I wanted to use another key, say "HelloWorld". Can I just use that string and use it as an argument for the encryption algorithm? Do I have to set the correct bit length of the key? If so, how?

You should derive a key rather than use it directly from your passphrase. See EVP_BytesToKey(3) and PKCS5_PBKDF2_HMAC(3) in the OpenSSL docs (the OpenSSL wiki does not have an article or example code).


> ... shall I stick with OpenSSL

If you use the library correctly, then you should be happy with it.

Otherwise, you can use any other library you like. See the OpenSSL wiki's Related Links page for some alternatives.

jww
  • 1
    Don't you love the way you can create very extensive answers regarding crypto, just to be ignored by the person asking the question? I've voted up a few of your (not accepted) answers. Appreciate the OpenSSL related answers you've provided here! – Maarten Bodewes Jul 13 '14 at 13:03
  • @jww thanks for pointing me in the correct direction. I am sorry it took me so long to make your answer the correct answer but I was working on it and finally solved it using your advice (along with others). I have posted a solution using the EVP api over here: [link] http://stackoverflow.com/questions/24856303/openssl-aes-256-cbc-via-evp-api-in-c This works on binary data, so an executable will also be encrypted. Thanks again. – Kevin Jul 21 '14 at 11:11
0

Here is my example of AES encryption with JavaScript.

The live platform is here

The AES code is located here

Darragh Blake