Friday, 19 February 2021

EVP_EncryptFinal_ex returns error when no plaintext is provided

I used the EVP functions, which provide a high-level interface to the OpenSSL cryptographic functions, to write a library that performs encryption and decryption operations. This library uses EVP_aes_128_gcm for encryption and decryption.

I was able to provide the key, IV, AAD and plaintext and get the ciphertext and tag successfully.

However, the problem comes when I just want to authenticate the AAD but don't want any encryption. So I took the following test case from NIST:

Key = 77be63708971c4e240d1cb79e8d77feb
IV = e0e00f19fed7ba0136a797f3
AAD = 7a43ec1d9c0a5a78a0b16533a6213cab
Tag = 209fcc8d3675ed938e9c7166709dd946
PT =
CT =

Now I am getting a return value of 0 from the EVP_EncryptFinal_ex API, which is an error, at least per the documentation:

EVP_EncryptInit_ex(), EVP_EncryptUpdate() and EVP_EncryptFinal_ex() return 1 for success and 0 for failure.

However, when I tried to print the error, I don't get any error:

EVP_EncryptFinal_ex failed - OpenSSL error: error:00000000:lib(0):func(0):reason(0)

// Finalise the GCM operation; no plaintext was passed to EVP_EncryptUpdate.
int ret    = EVP_EncryptFinal_ex(ctx, outbuf + outlen, &outlen);
if (ret <= 0)
{
    printf("EVP_EncryptFinal_ex failed - OpenSSL error: %s\n", ERR_error_string(ERR_get_error(), nullptr));
    return -1;
}

One more interesting point is that if I don't check the return code and get the tag afterwards, I get the correct tag, 209fcc8d3675ed938e9c7166709dd946:

if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, tag)) {
    printf("EVP_CIPHER_CTX_ctrl: failed\n");
    return -1;
}

Also, I am using AES-GCM, so there is no padding, and the statement below does not apply to this scenario:

If padding is disabled then EVP_EncryptFinal_ex() will not encrypt any more data and it will return an error if any data remains in a partial block: that is if the total data length is not a multiple of the block size.

Any ideas where I could be going wrong?
