OpenSSL EVP_CIPHER_CTX updated IV

Question

OpenSSL EVP_CIPHER_CTX updated IV

I am using the OpenSSL EVP_Encrypt API with AES_ctr_128 mode. I am trying to get an updated (generated counter) In OpenSSL 1.1.0 we CANNOT just:

    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
    /*
    EVP_EncryptInit(ctx, ...);
    EVP_EncryptUpdate(ctx, ...);
    EVP_EncryptFinal(ctx, ...);
    */
    memcpy(iv, ctx->iv, sizeof(ctx->iv);

since the ctx structure is hidden (getting an incomplete type error with the above code).

There is also no API for this field.

Is there a way to get the updated IV buffer stored in the EVP_CIPHER_ctx (Incremented IV) structure?

+3

cryptography openssl encryption aes

A.Kryeem 07 Aug 17 at 13:28

source to share

1 answer

Maarten bodewes · Answer 1 · 2017-08-07T20:12:10+0000

For IV alone, it is sufficient if you write a fixed number of blocks (with a block size of 16 for AES) for encryption. Therefore, you need to keep track of the amount of recorded data anyway.

To get the counter value, it's easier for you if you just calculate it yourself. Then you can restart the encryption stream for a specific IV. Note that you will still have to skip the amount of plain or ciphertext, for example by encrypting null bytes, before you can proceed with the operation.

So, to calculate the value of the counter, simply adding IV to the number of complete blocks processed: len(pt) / n

where len

- the length in bytes and n = 16

using integer division. An IV consists of a nonce and a starting counter as a fixed-size large number. So you can just add each IV byte with every integer byte, taking a possible right-to-left carry (high index for least significant byte, low index for most significant byte).

To calculate how many bytes you need to skip (e.g. encrypt / decrypt before the keystream is synchronized again, you just calculate len(pt) % n

where %

is the remainder or modulus operator.

OpenSSL EVP_CIPHER_CTX updated IV

More articles: