8 bytes missing in EVP_DecryptFinal

This is my first question, so please tell me if I do something wrong :).

My problem is that I use

    EVP_DecryptInit(&ctx1, EVP_des_ecb(), tmpkey, NULL);
    EVP_DecryptUpdate(&ctx1, keysigout, &outlu, keysigin, keysigfilelength);
    EVP_DecryptFinal(&ctx1, keysigout, &outlf);
    printf("DECLEN:%i", outlu + outlf);

to decrypt a binary file. The file is 248 bytes long, but printf tells me that EVP decrypted only 240 bytes. keysigfilelength is 248 and should report that it needs to decrypt 248 bytes.

I do not understand why this does not work and will be happy if you can enlighten me.

Edit: I just encrypted the file manually with the command

 openssl enc -e -des-ecb -in test.txt -out test.bin -K 00a82b209cbeaf00 

and it grew by 8 bytes :O. I still don't know where they came from, but I don't think that the general error that I have in my program is caused by this.

The context of this whole problem is an information security course at my university. We got similar tasks with different algorithms, but even the one who successfully completed his program could not determine where the problem is in my program.

Can I publish my entire program for you?

+6
2 answers

I hope it is OK to answer my own question.

    EVP_DecryptUpdate(&ctx1, keysigout, &outlu, keysigin, keysigfilelength);
    EVP_DecryptFinal(&ctx1, keysigout + outlu, &outlf);

The problem was the missing outlu: DecryptFinal tried again to decrypt the entire block. When I added outlu, I got 7 bytes in outlf and it worked. For future reference, I will add the entire function below. It expects the key and IV to be one block of data.

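    #include <stdlib.h>
    #include <openssl/evp.h>

    /* key holds the key followed directly by the IV (if the cipher uses one).
     * Returns 1 on success; *decryptedData is malloc'd and freed by the caller. */
    int decrypt(const EVP_CIPHER *cipher, unsigned char *key,
                unsigned char *encryptedData, int encryptedLength,
                unsigned int *length, unsigned char **decryptedData)
    {
        int decryptedLength = 0, lastDecryptLength = 0, ret = 0;
        unsigned char *iv = NULL;
        EVP_CIPHER_CTX *cryptCtx = EVP_CIPHER_CTX_new();

        /* EVP_DecryptUpdate may need room for one extra block. */
        *decryptedData = malloc(encryptedLength + EVP_CIPHER_block_size(cipher));
        if (cryptCtx == NULL || *decryptedData == NULL)
            goto done;

        /* EVP_CIPHER is opaque in current OpenSSL, so use the accessors. */
        if (EVP_CIPHER_iv_length(cipher) != 0)
            iv = key + EVP_CIPHER_key_length(cipher);

        if (EVP_DecryptInit_ex(cryptCtx, cipher, NULL, key, iv) != 1 ||
            EVP_DecryptUpdate(cryptCtx, *decryptedData, &decryptedLength,
                              encryptedData, encryptedLength) != 1)
            goto done;

        /* Write the final block after the bytes Update already produced. */
        ret = EVP_DecryptFinal_ex(cryptCtx, *decryptedData + decryptedLength,
                                  &lastDecryptLength);
        *length = decryptedLength + lastDecryptLength;

    done:
        EVP_CIPHER_CTX_free(cryptCtx);
        return ret;
    }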
+2

Since block ciphers really want to work on input that is a multiple of their block size, the input is usually padded to meet this requirement. By default, for many programs (including openssl enc), PKCS#5 padding is used.

If the plaintext is not a multiple of 8 bytes, then bytes are added so that it is. If it is already a multiple of 8 bytes, 8 bytes of padding are added. Thus, it is quite normal for the encrypted data to be longer than the plaintext.

0
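
The length arithmetic from this thread as an added example (not code from the posts or from OpenSSL): PKCS#5 padding for an 8-byte block, plus a model of how the decrypted length splits between the Update and Final calls when the whole file is passed to one Update. The function names are made up for the illustration, and the buffer stands for already-decrypted data, so no cipher is involved.

```c
#include <stdio.h>
#include <string.h>

#define BLOCK 8 /* DES block size in bytes */

/* PKCS#5: always append 1..BLOCK bytes, each holding the pad count.
 * buf needs room for len + BLOCK bytes. Returns the padded length. */
size_t pkcs5_pad(unsigned char *buf, size_t len)
{
    unsigned char pad = (unsigned char)(BLOCK - len % BLOCK);
    memset(buf + len, pad, pad);
    return len + pad;
}

/* Check the padding of the last block. Returns the number of data bytes
 * left in it (0..BLOCK-1), or -1 if the padding is malformed. */
int pkcs5_final_len(const unsigned char *last)
{
    int pad = last[BLOCK - 1];
    if (pad < 1 || pad > BLOCK)
        return -1;
    for (int i = BLOCK - pad; i < BLOCK; i++)
        if (last[i] != pad)
            return -1;
    return BLOCK - pad;
}

/* Model: Update holds back the last block, Final returns what is left of
 * it after the padding is removed. Returns 0, or -1 on bad input. */
int split_lengths(const unsigned char *padded, size_t n, int *upd, int *fin)
{
    if (n == 0 || n % BLOCK != 0)
        return -1;
    *upd = (int)(n - BLOCK);
    *fin = pkcs5_final_len(padded + n - BLOCK);
    return *fin < 0 ? -1 : 0;
}

int main(void)
{
    unsigned char buf[256]; /* constructed sample: 247 bytes of 'A' */
    int upd, fin;
    memset(buf, 'A', 247);
    size_t n = pkcs5_pad(buf, 247);
    if (split_lengths(buf, n, &upd, &fin) == 0)
        printf("total %zu, Update %d, Final %d\n", n, upd, fin);
    return 0;
}
```

A 240-byte plaintext also pads to 248 bytes, in which case the final call contributes 0 bytes; a nonzero return from the padding check is the case a caller has to treat as a failed decryption.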

Source: https://habr.com/ru/post/905364/

