I used the EVP functions that provides a high level interface to OpenSSL cryptographic functions to write a library that performs encryption and decryption operations. This library uses EVP_aes_128_gcm for encryption and decryption purposes.
I was able to provide the Key, IV, AAD, Plain Text and get the cipher text, tag successfully.
However, the problem comes when I just want to authenticate the AAD but doesn't want any encryption. So I took the below test cases from NIST
Key = 77be63708971c4e240d1cb79e8d77feb
IV = e0e00f19fed7ba0136a797f3
AAD = 7a43ec1d9c0a5a78a0b16533a6213cab
Tag = 209fcc8d3675ed938e9c7166709dd946
PT =
CT =
Now I am getting the return value on EVP_EncryptFinal_ex API as 0 which is an error atleast as per the documentation:
EVP_EncryptInit_ex(), EVP_EncryptUpdate() and EVP_EncryptFinal_ex() return 1 for success and 0 for failure.
However, when I tried to print the error, I don't get any error:
EVP_EncryptFinal_ex failed - OpenSSL error: error:00000000:lib(0):func(0):reason(0)
int ret = EVP_EncryptFinal_ex(ctx, outbuf + outlen, &outlen);
if (ret <= 0)
{
printf("EVP_EncryptFinal_ex failed - OpenSSL error: %s", ERR_error_string(ERR_get_error(), nullptr));
return -1;
}
One more interesting point is that if I don't check the return code and get the tag afterwards, I am getting correct tag as 209fcc8d3675ed938e9c7166709dd946
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, tag)) {
printf("EVP_CIPHER_CTX_ctrl: failed\n");
return -1;
}
Also, I am using AES-GCM, so there is no padding. So the below statement is not valid for this scenario:
If padding is disabled then EVP_EncryptFinal_ex() will not encrypt any more data and it will return an error if any data remains in a partial block: that is if the total data length is not a multiple of the block size.
Any ideas where I can be doing wrong?
It seems that I calling the EVP_EncryptUpdate on an empty plaintext after AAD sometimes causes the problems. However, removing the API EVP_EncryptUpdate on empty plain text resolves the problem.
You can find the complete code sample below:
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <vector>
int main()
{
constexpr int TAG_LENGTH = 16;
const std::vector<uint8_t> key{0x77,0xbe,0x63,0x70,0x89,0x71,0xc4,0xe2,0x40,0xd1,0xcb,0x79,0xe8,0xd7,0x7f,0xeb};
const std::vector<uint8_t> iv{0xe0,0xe0,0x0f,0x19,0xfe,0xd7,0xba,0x01,0x36,0xa7,0x97,0xf3};
const std::vector<uint8_t> aad{0x7a,0x43,0xec,0x1d,0x9c,0x0a,0x5a,0x78,0xa0,0xb1,0x65,0x33,0xa6,0x21,0x3c,0xab};
const std::vector<uint8_t> expected_tag{0x20,0x9f,0xcc,0x8d,0x36,0x75,0xed,0x93,0x8e,0x9c,0x71,0x66,0x70,0x9d,0xd9,0x46};
std::vector<uint8_t> actualtag;
actualtag.resize(TAG_LENGTH);
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
if (ctx == nullptr)
{
printf("EVP_CIPHER_CTX_new: OpenSSL error: %s", ERR_error_string(ERR_get_error(), nullptr));
return EXIT_FAILURE;
}
if (!EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), nullptr, nullptr, nullptr))
{
printf("EVP_EncryptInit_ex: OpenSSL error: %s", ERR_error_string(ERR_get_error(), nullptr));
return EXIT_FAILURE;
}
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv.size(), nullptr))
{
printf("EVP_CIPHER_CTX_ctrl: OpenSSL error: %s", ERR_error_string(ERR_get_error(), nullptr));
return EXIT_FAILURE;
}
if (!EVP_EncryptInit_ex(ctx, nullptr, nullptr, key.data(), iv.data()))
{
printf("EVP_EncryptInit_ex: OpenSSL error: %s", ERR_error_string(ERR_get_error(), nullptr));
return EXIT_FAILURE;
}
int length = 0;
if (!EVP_EncryptUpdate(ctx, nullptr, &length, aad.data(), aad.size()))
{
printf("EVP_EncryptUpdate: OpenSSL error: %s", ERR_error_string(ERR_get_error(), nullptr));
return EXIT_FAILURE;
}
if (!EVP_EncryptFinal_ex(ctx, nullptr, &length))
{
printf("EVP_EncryptFinal_ex: OpenSSL error: %s", ERR_error_string(ERR_get_error(), nullptr));
return EXIT_FAILURE;
}
/* Get tag */
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, TAG_LENGTH, actualtag.data()))
{
printf("EVP_CIPHER_CTX_ctrl: OpenSSL error: %s", ERR_error_string(ERR_get_error(), nullptr));
return EXIT_FAILURE;
}
printf("Actual Tag: ");
for (auto i: actualtag)
printf("%02hhx", i);
printf("\n");
printf("Expected Tag: ");
for (auto i: expected_tag)
printf("%02hhx", i);
printf("\n");
EVP_CIPHER_CTX_free(ctx);
return EXIT_SUCCESS;
}