Hello, owner-openssl-us...@openssl.org wrote on 02/17/2009 03:20:38 PM:
> 2009/2/17 Victor Duchovni <victor.ducho...@morganstanley.com>: > > On Mon, Feb 16, 2009 at 01:48:54PM +0800, loody wrote: > > > >> Dear all: > >> I want to realize aes, so I trace enc_main in enc.c. > >> But I find there are a lot call back functions such that I spend more > >> time on tracing these call back functions than understanding aes > >> algorithm. > >> > >> I have studied the aes flow chart on the wiki, > >> http://en.wikipedia.org/wiki/Advanced_Encryption_Standard > >> But I cannot find out where the connection between the password I > >> input with the aes. > >> > >> suppose I type: > >> openssl enc -aes-256-cbc -salt -in test.txt -out test.enc > >> enter aes-256-cbc encryption password: 123456 > >> Verifying - enter aes-256-cbc encryption password:123456 > >> > >> How do we deal with "123456" before calling AES_cbc_encrypt? > >> Is "123456" a part of key? > > > > User-supplied passwords (password based encryption) are not strong > > enough to use directly as AES keys. Instead these are passed to > > a key-derivation function. OpenSSL uses PBKDF2 from PKCS#5 v2.1 > > > > http://en.wikipedia.org/wiki/PBKDF2 > > > > The API entry point (still to be documented) is: > > > > src/distro/crypto/evp/p5_crpt2.c: > > PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key) > > Hi: > thanks for your help. > I have another questions about aes: > > The round# is set according to the bits we pass to AES_set_encrypt_key. > And Nk*round# keys are also produced well in it. > But how about Nb, the number of column in state? > (in 128, 192 and 256 bits block plaintext, the Nb, column# of state is 4,6,8.) Yes, but AES implementation used in OpenSSL supports only 128 bit block (16 bytes). So, in this implementation Nb is always 4 (4 32-bit words). Best regards, -- Marek Marcola <marek.marc...@malkom.pl> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
