Ok friends. I'm back after trying out EVP stuff. Here's my code:
DECRYPT
int wfd;
if((wfd = creat("/etc/rgconf_encrypted",0644)) == -1) {
console_printf("Couldn't open output file for writingn");
}else{
console_printf("\nuser input encrypted file len =
%d\n",strlen(buf)); //buf is encrypted data from some other routine
write(wfd,buf,strlen(buf));
close(wfd);
}
console_printf("\ndecode3 returned %d\n",decode3()); //decode3
decrypts "/etc/rgconf_encrypted" and saves to "/etc/rgconf_decrypted"
FILE *file;
char *buffer=NULL;
unsigned long fileLen;
file = fopen("/etc/rgconf_decrypted", "r");
if (!file)
{
console_printf("Unable to open file\n");
}else{
//Get file length
fseek(file, 0, SEEK_END);
fileLen=ftell(file);
rewind (file);
console_printf("decrypted file len = %lu\n",fileLen);
//Allocate memory
buffer=(char *)malloc(fileLen+1); // +1 for null terminated
string
if (!buffer)
{
console_printf("Memory error!\n");
}else{
//Read file contents into buffer
console_printf("\nRead in buffer no. of bytes =
%d\n",fread(buffer, 1, fileLen, file)); //read file in buffer
buffer[fileLen] = 0;
//do something with buffer here...
free(buffer);
}
fclose(file);
unlink("/etc/rgconf_encrypted");
unlink("/etc/rgconf_decrypted");
}
ENCRYPT
char *buffer = NULL;
int wfd;
if((wfd = creat("/etc/rgconf",0644) ) == -1) {
console_printf("Couldn't open output file for writing");
}else{
write(wfd,rg_conf_buf,strlen(rg_conf_buf)); //rg_conf_buf is read
from some other supplier routine
close(wfd);
console_printf("\nencode3 returned %d\n",encode3()); //encode3
encrypts "/etc/rgconf" in AES-256 CBC and saves to "/etc/rgconf_encrypted"
//read the encrypted file in a buffer to be sent
FILE *file;
unsigned long fileLen;
file = fopen("/etc/rgconf_encrypted", "r");
if (!file)
{
console_printf("Unable to open file\n");
}else{
//Get file length
fseek(file, 0, SEEK_END);
fileLen=ftell(file);
rewind (file);
console_printf("encrypted file len = %lu\n",fileLen);
//Allocate memory
buffer=(char *)malloc(fileLen);
if (!buffer)
{
console_printf("Memory error!\n");
}else{
//Read file contents into buffer
console_printf("\nRead in buffer no. of bytes =
%d\n",fread(buffer, 1, fileLen, file)); //read file in buffer
//send the buffer containing encrypted data back to user
free(buffer);
}
fclose(file);
unlink("/etc/rgconf");
unlink("/etc/rgconf_encrypted");
}
}
I have tested encode3 and decode3 to work fine with their encrypting and
decrypting functions. I wrote some stuff to a file, encrypted it using
encode3, saved to file2 and decrypted file2 using decode3 to file3. the
contents of file and file3 are same. So I know my EVP logic is working fine.
But this is only when I'm working on the files stored on the disk.
Actually, my application has an interface with the user through a web
server. So I upload and download data to the application through a browser
using files. The user needs some data encrypted so application fetches it
from some database in a file, encrypts it and sends it to the browser from
where it can be downloaded in a file on the disk. Similarly, the user feeds
a file containing encrypted data to web interface and application decrypts
the data and updates the database.
What I see happening is this:
ENCRYPT - size of /etc/rgconf on disk is 157043 bytes
ENCRYPT - size of /etc/rgconf_encrypted on disk is 157044 bytes.
BROWSER saves the file to disk - size is 136 bytes (How ???)
..............this is a Windows machine
user feeds the same file
traces from DECRYPT -
user input encrypted file len = 136
Trouble with unpadding the last block
decrypted file len = 128
Read in buffer no. of bytes = 128
1) Why could I be seeing different lengths of data on linux and windows ?
2) 136 byte encrypted data is turned into 128 byte decrypted data....how ???
Would be nice if you could provide pointers to this problem or if I need to
do something extra here.
Thanks again,
Kunal
On Fri, May 21, 2010 at 6:32 PM, ~ Kunal Sharma ~ <koolku...@gmail.com>wrote:
> Thanks Jeff, Carter.
>
> I'm in the process of trying out EVP routines to do my stuff now. Will post
> an update once I'm done.
>
> Thanks again for your time.
> - Kunal
>
>
> On Fri, May 21, 2010 at 5:55 PM, Carter Browne <cbro...@cbcs-usa.com>wrote:
>
>> Kunal,
>>
>> If your data can include NULs, you should not use strlen to calculate the
>> length of the buffer, you need to provide the length in some other way - in
>> your example presumably as an additional parameter.
>>
>> Carter
>>
>> Carter Browne
>> cbcscbro...@cbcs-usa.com
>> 781-721-2890
>>
>>
>> On 5/21/2010 2:30 AM, ~ Kunal Sharma ~ wrote:
>>
>> David,
>>
>> Thanks for taking out time to review my code and reply.
>>
>> 1) I agree that using sizeof was a blunder on my part.
>> 2) I'm calling decode2 with rg_conf_buf_dup and rg_conf_buf_dup_2, second
>> one being the output buffer. So I'm certain that I don't modify the input
>> buffer (though I just zero out only the part of my output buffer due to
>> sizeof thing).
>>
>> I was also wondering about the cipher block size. I was thinking of
>> using 16 as block size, read the input buffer in chunks of block size one at
>> a time, decrypt, copy and append to the output buffer. Do you think that
>> would work ? Could I then use the buffer holding decrypted data in the
>> decode2 function and get the original data back ? How can I get the size of
>> decrypted buffer - strlen wouldn't work, I suppose ?
>>
>> Thanks,
>> Kunal
>>
>>
>> On Thu, May 20, 2010 at 8:38 PM, David Schwartz <dav...@webmaster.com>wrote:
>>
>>>
>>> Kunal Sharma wrote:
>>>
>>>
>>> void encode2(char *inbuf,char *outbuf)
>>> {
>>> unsigned char key32[] = "As different as chalk and cheese";
>>> unsigned char iv[] = "As dark as pitch";
>>>
>>> AES_KEY aeskey;
>>>
>>> memset(outbuf, 0, sizeof(outbuf));
>>>
>>> AES_set_encrypt_key(key32, 32*8, &aeskey);
>>>
>>> AES_cbc_encrypt(inbuf, outbuf, strlen(inbuf), &aeskey, iv,
>>> AES_ENCRYPT);
>>>
>>> return;
>>> }
>>>
>>> You can't mean 'sizeof(outbuf)' -- 'outbuf' is a *pointer* to the output
>>> buffer. What does the size of that pointer have to do with anything?
>>>
>>> void decode2(char *inbuf,char *outbuf,int len)
>>> {
>>> unsigned char key32[] = "As different as chalk and cheese";
>>> unsigned char iv[] = "As dark as pitch";
>>>
>>> AES_KEY aeskey;
>>>
>>> memset(outbuf, 0, sizeof(outbuf));
>>>
>>> AES_set_decrypt_key(key32, 32*8, &aeskey);
>>>
>>> AES_cbc_encrypt(inbuf, outbuf, len, &aeskey, iv, AES_DECRYPT);
>>>
>>> return;
>>> }
>>>
>>> Same use of 'sizeof(outbuf)' where that makes no sense (what does the
>>> size
>>> of the pointer to the output buffer have to do with anything?). Also,
>>> what
>>> happens if the plaintext is not a precise multiple of the cipher block
>>> size?
>>>
>>> It seems like you have picked a low-level encryption/decryption function
>>> where you wanted a high-level one.
>>>
>>> Also, you have one amusing boner. Your 'decode2' function tries to zero
>>> the
>>> output buffer, but actually only zeroes part of it. But you call it with
>>> the
>>> output buffer and input buffer the same! So you are actually erasing part
>>> of
>>> your input buffer before you use it!
>>>
>>> DS
>>>
>>> ______________________________________________________________________
>>> OpenSSL Project http://www.openssl.org
>>> User Support Mailing List openssl-users@openssl.org
>>> Automated List Manager majord...@openssl.org
>>>
>>
>>
>
