-
I'm beginning to learn the ropes around encryption/decryption in general so apologies in advance if this is a silly question. For AES-XTS encryption, I want to perform segmented input calculations on the data, but it has a problem.

```c
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

void handleErrors(void)
{
    ERR_print_errors_fp(stderr);
    abort();
}

int sca_aes_xts_encrypt(const uint8_t *key, size_t klen, uint8_t *iv, const uint8_t *text, size_t len, uint8_t *out) {
    EVP_CIPHER_CTX *ctx;
    size_t ciphertext_len;
    int final_len = 0;

    if(!(ctx = EVP_CIPHER_CTX_new()))
        handleErrors();
    if(1 != EVP_EncryptInit_ex(ctx, EVP_aes_128_xts(), NULL, NULL, NULL))
        handleErrors();
    if(1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_KEY_LENGTH, (int)klen, NULL))
        handleErrors();
    if(1 != EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
        handleErrors();
    // if(1 != EVP_EncryptUpdate(ctx, out, &len, text, len))
    //     handleErrors();
    /* Segmented input: one 16-byte block per EVP_EncryptUpdate() call
       (the variant the question is about). */
    int block_size = 16;
    for(size_t i = 0; i < len; i += block_size) {
        int cipher_len = (len - i) >= (size_t)block_size ? block_size : (int)(len - i);
        if(1 != EVP_EncryptUpdate(ctx, out + i, &cipher_len, text + i, cipher_len))
            handleErrors();
    }
    ciphertext_len = len;
    if(1 != EVP_EncryptFinal_ex(ctx, out + len, &final_len))
        handleErrors();
    ciphertext_len += final_len;
    EVP_CIPHER_CTX_free(ctx);
    return (int)ciphertext_len;
}
```

The calculation result of the entire data is correct, but the result after segmentation using EVP_EncryptUpdate is wrong. Any help appreciated. Thank you.
Replies: 4 comments 16 replies
-
The XTS implementation in OpenSSL does not support streaming. That is, there must only be one EVP_EncryptUpdate() call per EVP_EncryptInit_ex() call (and similarly with the "Decrypt" functions).
-
There is a stream update function, but it only works on the blocksize...
-
Hello, I'm working on a software emulation for XTS mode using OpenSSL, so I should reproduce hardware behavior. I have some questions, if you can help me. XTS mode has 3 phases in our IP:
We know that in XTS mode we have two keys, but why do I see just one in your implementation (or did you combine them into one key)?
-
I recommend reading https://en.wikipedia.org/wiki/Disk_encryption_theory#XTS so that you understand what the algorithm does.