I'm building a dynamic engine to support a custom AES hardware module that I've implemented in FPGA logic**, but after reading all available documentation, and poring over the source code, I'm still very confused about the following two things...
- How and where I should define the EVP_[En/De]cryptInit_ex(..), EVP_[En/De]cryptUpdate(..), and EVP_[En/De]cryptFinal_ex(..) functions in my Engine code?
Prior to this, I successfully built an engine for my sha256 accelerator, and now I'm trying to follow the same steps for AES. For sha256, the EVP_MD structure allowed me to declare pointers to my init, update, and final functions. This all worked flawlessly.
Now, when I'm building the AES engine, I see that the EVP_CIPHER structure does not have these pointers (init, update, final), but instead has a pointer to init_key and do_cipher functions. However, the EVP encryption interface still has these functions defined.
AFAIK (and please correct me if this is wrong) my init_key function is invoked by the EVP interface when I call the EVP_[En/De]cryptInit_ex function, and the do_cipher function is called upon EVP_[En/De]cryptUpdate. But how should I handle the EVP_[En/De]cryptFinal functions? Should I not be implementing them in my engine? Or am I missing something here...
- Does the EVP interface handle padding when a dynamic engine is involved? Or is it up to me to implement a padding structure within the engine itself? If the latter is the case, then I think the answer to the previous questions will help me figure out exactly where to implement it.
You can refer to the source code HERE if you would like to see it; however, I don't think it's necessary for this question.
So to recap, two questions:
- How can I explicitly define which operations in my engine happen when the EVP_[En/De]cryptInit_ex(..), EVP_[En/De]cryptUpdate(..), and EVP_[En/De]cryptFinal_ex(..) functions are called from a driver program?
- Does my engine need to handle padding the input data upon encryption, and stripping the padding when decrypting? Or does the EVP API handle the padding for me, and I only need to worry about the core AES algorithm on the arbitrary input data? (for reference, I'd like to just use standard PKCS padding)
Thanks in advance!
** I'm using the Xilinx Zynq SoC, so I can create custom hardware in the programmable logic, and then interact with it from software running on the processor through the memory map, just like any peripheral....details irrelevant
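
The division of labour asked about above, modelled as an added example that is not part of the original post and is not OpenSSL's own code: for a block-mode cipher that does not set EVP_CIPH_FLAG_CUSTOM_CIPHER and leaves padding enabled, the EVP layer buffers partial blocks in Update and applies the PKCS padding in Final, so the engine's do_cipher only receives whole blocks. The names mock_do_cipher, model_ctx, model_update and model_final are hypothetical, and only the encrypt side is modelled.

```c
#include <stdio.h>
#include <string.h>
#define BLOCK 16  /* AES block size in bytes */

/* Hypothetical stand-in for the engine's do_cipher: logs each length, copies data. */
static size_t call_lens[8];
static int n_calls;
static void mock_do_cipher(unsigned char *out, const unsigned char *in, size_t len)
{
    call_lens[n_calls++] = len;
    memcpy(out, in, len);  /* identity transform keeps the padding visible */
}

/* Model of the EVP layer's partial-block buffer (padding enabled). */
struct model_ctx { unsigned char buf[BLOCK]; size_t buf_len; };

/* Models EVP_EncryptUpdate: holds partial blocks, forwards only whole blocks. */
static size_t model_update(struct model_ctx *c, unsigned char *out,
                           const unsigned char *in, size_t inl)
{
    size_t outl = 0, need = BLOCK - c->buf_len, whole;
    if (c->buf_len > 0) {
        size_t take = inl < need ? inl : need;
        memcpy(c->buf + c->buf_len, in, take);
        if (inl < need) { c->buf_len += inl; return 0; }  /* still partial */
        mock_do_cipher(out, c->buf, BLOCK);               /* pending block is full */
        in += need; inl -= need; outl = BLOCK;
    }
    whole = inl - inl % BLOCK;
    if (whole > 0)
        mock_do_cipher(out + outl, in, whole);
    c->buf_len = inl - whole;                 /* keep the tail for the next call */
    memcpy(c->buf, in + whole, c->buf_len);
    return outl + whole;
}
/* Models EVP_EncryptFinal_ex: PKCS padding is added here, not in the engine. */
static size_t model_final(struct model_ctx *c, unsigned char *out)
{
    unsigned char pad = (unsigned char)(BLOCK - c->buf_len);
    memset(c->buf + c->buf_len, pad, pad);
    mock_do_cipher(out, c->buf, BLOCK);
    c->buf_len = 0;
    return BLOCK;
}
int main(void)
{
    struct model_ctx c = { {0}, 0 };
    unsigned char out[64], msg[25] = "constructed sample input";
    size_t n = model_update(&c, out, msg, 20);   /* 16 out, 4 buffered */
    n += model_update(&c, out + n, msg + 20, 5); /* 0 out, 9 buffered */
    n += model_final(&c, out + n);               /* 16 out: 9 data + 7 pad */
    printf("%zu bytes out in %d do_cipher calls\n", n, n_calls);
    return 0;
}
```

A real do_cipher callback also receives the EVP_CIPHER_CTX; the decrypt path differs in that the EVP layer holds back the last block until Final so it can check and strip the padding.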