diff options
Diffstat (limited to 'doc/cipher.m')
-rw-r--r-- | doc/cipher.m | 128 |
1 files changed, 128 insertions, 0 deletions
diff --git a/doc/cipher.m b/doc/cipher.m new file mode 100644 index 0000000000..9f74917135 --- /dev/null +++ b/doc/cipher.m @@ -0,0 +1,128 @@ +From ssl-lists-owner@mincom.com Tue Oct 15 18:16:14 1996 +Received: from cygnus.mincom.oz.au by orb.mincom.oz.au with SMTP id AA11550 + (5.65c/IDA-1.4.4 for eay); Tue, 15 Oct 1996 08:17:41 +1000 +Received: (from daemon@localhost) by cygnus.mincom.oz.au (8.7.5/8.7.3) id IAA12472 for ssl-users-outgoing; Tue, 15 Oct 1996 08:16:35 +1000 (EST) +Received: from orb.mincom.oz.au (eay@orb.mincom.oz.au [192.55.197.1]) by cygnus.mincom.oz.au (8.7.5/8.7.3) with SMTP id IAA12463 for <ssl-users@listserv.mincom.oz.au>; Tue, 15 Oct 1996 08:16:32 +1000 (EST) +Received: by orb.mincom.oz.au id AA11544 + (5.65c/IDA-1.4.4 for ssl-users@listserv.mincom.oz.au); Tue, 15 Oct 1996 08:16:15 +1000 +Date: Tue, 15 Oct 1996 08:16:14 +1000 (EST) +From: Eric Young <eay@mincom.com> +X-Sender: eay@orb +To: Roland Haring <rharing@tandem.cl> +Cc: ssl-users@mincom.com +Subject: Re: Symmetric encryption with ssleay +In-Reply-To: <m0vBpyq-00001aC@tandemnet.tandem.cl> +Message-Id: <Pine.SOL.3.91.961015075623.11394A-100000@orb> +Mime-Version: 1.0 +Content-Type: TEXT/PLAIN; charset=US-ASCII +Sender: ssl-lists-owner@mincom.com +Precedence: bulk +Status: RO +X-Status: + + +On Fri, 11 Oct 1996, Roland Haring wrote: +> THE_POINT: +> Would somebody be so kind to give me the minimum basic +> calls I need to do to libcrypto.a to get some text encrypted +> and decrypted again? ...hopefully with code included to do +> base64 encryption and decryption ... e.g. that sign-it.c code +> posted some while ago was a big help :-) (please, do not point +> me to apps/enc.c where I suspect my Heissenbug to be hidden :-) + +Ok, the base64 encoding stuff in 'enc.c' does the wrong thing sometimes +when the data is less than a line long (this is for decoding). I'll dig +up the exact fix today and post it. I am taking longer on 0.6.5 than I +intended so I'll just post this patch. + +The documentation to read is in +doc/cipher.doc, +doc/encode.doc (very sparse :-). +and perhaps +doc/digest.doc, + +The basic calls to encrypt with say triple DES are + +Given +char key[EVP_MAX_KEY_LENGTH]; +char iv[EVP_MAX_IV_LENGTH]; +EVP_CIPHER_CTX ctx; +unsigned char out[512+8]; +int outl; + +/* optional generation of key/iv data from text password using md5 + * via an upward compatable verson of PKCS#5. */ +EVP_BytesToKey(EVP_des_ede3_cbc,EVP_md5,NULL,passwd,strlen(passwd), + key,iv); + +/* Initalise the EVP_CIPHER_CTX */ +EVP_EncryptInit(ctx,EVP_des_ede3_cbc,key,iv); + +while (....) + { + /* This is processing 512 bytes at a time, the bytes are being + * copied into 'out', outl bytes are output. 'out' should not be the + * same as 'in' for reasons mentioned in the documentation. */ + EVP_EncryptUpdate(ctx,out,&outl,in,512); + } + +/* Output the last 'block'. If the cipher is a block cipher, the last + * block is encoded in such a way so that a wrong decryption will normally be + * detected - again, one of the PKCS standards. */ + +EVP_EncryptFinal(ctx,out,&outl); + +To decrypt, use the EVP_DecryptXXXXX functions except that EVP_DecryptFinal() +will return 0 if the decryption fails (only detectable on block ciphers). + +You can also use +EVP_CipherInit() +EVP_CipherUpdate() +EVP_CipherFinal() +which does either encryption or decryption depending on an extra +parameter to EVP_CipherInit(). + + +To do the base64 encoding, +EVP_EncodeInit() +EVP_EncodeUpdate() +EVP_EncodeFinal() + +EVP_DecodeInit() +EVP_DecodeUpdate() +EVP_DecodeFinal() + +where the encoding is quite simple, but the decoding can be a bit more +fun (due to dud input). + +EVP_DecodeUpdate() returns -1 for an error on an input line, 0 if the +'last line' was just processed, and 1 if more lines should be submitted. + +EVP_DecodeFinal() returns -1 for an error or 1 if things are ok. + +So the loop becomes +EVP_DecodeInit(....) +for (;;) + { + i=EVP_DecodeUpdate(....); + if (i < 0) goto err; + + /* process the data */ + + if (i == 0) break; + } +EVP_DecodeFinal(....); +/* process the data */ + +The problem in 'enc.c' is that I was stuff the processing up after the +EVP_DecodeFinal(...) when the for(..) loop was not being run (one line of +base64 data) and this was because 'enc.c' tries to scan over a file until +it hits the first valid base64 encoded line. + +hope this helps a bit. +eric +-- +Eric Young | BOOL is tri-state according to Bill Gates. +AARNet: eay@mincom.oz.au | RTFM Win32 GetMessage(). + + |