0

Due to a conflict I need to migrate CryptLib to OpenSSL.

I (think I) found some of the differences I need as shown below in the format of cryptlib_function => openssl_function

aes_encrypt_key256() => AES_set_encrypt_key();
derive_key() => PKCS5_PBKDF2_HMAC_SHA1();

The one I'm not sure about is:

aes_mode_reset() => ???????
aes_ctr_crypt() => ????

The note in cryptlib says in there:

/* ... To reset CFB, OFB and CTR    */
/* without setting the key, aes_mode_reset() must be called and the */
/* IV must be set. ... */

Looking for aes_ctr I see a AES_ctr128_encrypt and a hidden away 'aes_ctr_cipher` but not sure if they are a match. the 128 has me thinking maybe openssl is limited to aes128 and doesn't support aes256 which I need, which means I guess I'll be migrating the openssl part over to cryptlib.

In any case, what would be the way to reset the mode (is it just to clear the IV before calling again?). Thanks!!

user3161924
  • 1,849
  • 18
  • 33
  • It appears the ctr128 refers to the width of the iv/counter and that function just calls CRYPTO_ctr128_encrypt. – user3161924 Jul 06 '16 at 22:38
  • CRYPTO_ctr128_encrypt_ctr32 is close but not as flexible as aes_ctr_crypt() - also it uses MSB so need to adjust variable output. The mode can be reset each call to the CRYPTO_ctr128_encrypt by simply leaving num zero. The e_count and num work together so the e_count buffer has up to 15 bytes of unaligned (16) data and num is how many are already used. So passing num=0 each time is like the aes_mode_reset(). – user3161924 Jul 08 '16 at 06:23

0 Answers0