c - AES encryption using openssl -

i'm trying encrypt using openssl aes encryption function.

here's code:

#include <stdio.h> #include <openssl/aes.h> #include <string.h>  const static unsigned char aes_key[]={"passwordpasswor"}; //15 characters + \0 void print_data(const char *tittle, const void* data, int len);  int main() { unsigned char aes_input[]="#!/bin/bash\necho hello world"; unsigned char iv[aes_block_size]; memset (iv,0x00,aes_block_size); unsigned char enc_out[sizeof(aes_input)]; unsigned char dec_out[sizeof(aes_input)]; aes_key enc_key,dec_key; aes_set_encrypt_key(aes_key,sizeof(aes_key)*8,&enc_key); aes_cbc_encrypt(aes_input,enc_out,sizeof(aes_input),&enc_key,iv,aes_encrypt); //decryption memset(iv,0x00,aes_block_size); aes_set_decrypt_key(aes_key,sizeof(aes_key)*8,&dec_key); aes_cbc_encrypt(enc_out,dec_out,sizeof(aes_input),&dec_key,iv,aes_decrypt); //verify printf("original %s\n",aes_input); printf("encrypted %s\n",enc_out); printf("decrypted %s\n",dec_out); return 0; } 

the code produces following output (with newline between each clarity):

original #!/bin/bash echo hello world  encrypted ���jv�.)��$i���b�:dmpvtqޜ�#!/bin/bash echo hello world  decrypted #!/bin/bash echo hello world 

i've tried other messages, seems encryption message show original message if used printf.

you're trying dump non-printable data terminal device, , doing using library call expects null-termination. output of aes encryption can contain bytes of any value (including embedded nullchar values)

you need following:

• properly size output buffer size. default aes_cbc_encrypt uses pkcs padding , use 1 full additional block padding data.
• dump output using alternative mechanism, such trivial hexdump routine.

both of above done below:

#include <stdio.h> #include <openssl/aes.h> #include <string.h>  static hex_print(const void *pv, size_t len) {     static const char alpha[] = "0123456789abcdef";     const unsigned char *beg = pv, *end = beg+len;      (; beg != end; ++beg)     {         putc(alpha[(*beg >> 4) & 0xf], stdout);         putc(alpha[*beg & 0xf], stdout);     }     putc('\n', stdout); }  const static unsigned char aes_key[]={"passwordpasswor"}; //15 characters + \0 void print_data(const char *tittle, const void* data, int len);  int main() {     unsigned char aes_input[]="#!/bin/bash\necho hello world";     unsigned char enc_out[aes_block_size * ((sizeof(aes_input) + aes_block_size)/aes_block_size)];     unsigned char dec_out[sizeof(aes_input)];     unsigned char iv[aes_block_size] = {0};      aes_key enc_key,dec_key;     aes_set_encrypt_key(aes_key,sizeof(aes_key)*8,&enc_key);     aes_cbc_encrypt(aes_input,enc_out,sizeof(aes_input),&enc_key,iv,aes_encrypt);      //decryption     memset(iv,0x00,aes_block_size);     aes_set_decrypt_key(aes_key,sizeof(aes_key)*8,&dec_key);     aes_cbc_encrypt(enc_out,dec_out,sizeof(aes_input),&dec_key,iv,aes_decrypt);      //verify     printf("original %s\n",aes_input);     hex_print(enc_out, sizeof enc_out);     printf("decrypted %s\n",dec_out);     return 0; } 

output

original #!/bin/bash echo hello world e389c96a76d708b42e29b4b4052449f1ffc762db3a646d1650765451de9c1dd0 decrypted #!/bin/bash echo hello world 

note in particular last byte of encryption. isn't 00, means printf call incorrectly using marching beyond buffer , land of undefined behavior. in fact, there no nullchar bytes in string (it different, yet closely-related problem when there is embedded 00 in middle of data, in case printf have stopped prematurely.

in case, can speculate (with little value; such nature of undefined behavior) march took printf next automatic variable on stack, decrypted array.

modifying output sequence use all hex output demonstrate difference between plaintext , encrypted data. example, changing last 3 functional lines of program to:

//verify hex_print(aes_input, sizeof(aes_input)); hex_print(enc_out, sizeof enc_out); hex_print(dec_out, sizeof(dec_out)); 

will deliver following output:

23212f62696e2f626173680a6563686f2068656c6c6f20776f726c6400 e389c96a76d708b42e29b4b4052449f1ffc762db3a646d1650765451de9c1dd0 23212f62696e2f626173680a6563686f2068656c6c6f20776f726c6400 

which makes sense. if walk bytes (two digits per) in original , decrypted strings can see they're (a) equal, (b) not equal cipher text, , (c), little time in ascii table show indeed original text message.

best of luck.