Sortix cisortix manual
This manual documents Sortix cisortix. You can instead view this document in the latest official manual.
NAME
EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX_cleanup, EVP_CIPHER_CTX_init, EVP_CIPHER_CTX_free, EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, EVP_DecryptInit_ex, EVP_DecryptUpdate, EVP_DecryptFinal_ex, EVP_CipherInit_ex, EVP_CipherUpdate, EVP_CipherFinal_ex, EVP_EncryptInit, EVP_EncryptFinal, EVP_DecryptInit, EVP_DecryptFinal, EVP_CipherInit, EVP_CipherFinal, EVP_Cipher, EVP_CIPHER_CTX_set_flags, EVP_CIPHER_CTX_clear_flags, EVP_CIPHER_CTX_test_flags, EVP_CIPHER_CTX_set_padding, EVP_CIPHER_CTX_set_key_length, EVP_CIPHER_CTX_ctrl, EVP_CIPHER_CTX_rand_key, EVP_get_cipherbyname, EVP_get_cipherbynid, EVP_get_cipherbyobj, EVP_CIPHER_nid, EVP_CIPHER_block_size, EVP_CIPHER_key_length, EVP_CIPHER_iv_length, EVP_CIPHER_flags, EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher, EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length, EVP_CIPHER_CTX_iv_length, EVP_CIPHER_CTX_get_iv, EVP_CIPHER_CTX_set_iv, EVP_CIPHER_CTX_get_app_data, EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags, EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param, EVP_enc_null, EVP_idea_cbc, EVP_idea_ecb, EVP_idea_cfb64, EVP_idea_cfb, EVP_idea_ofb, EVP_rc2_cbc, EVP_rc2_ecb, EVP_rc2_cfb64, EVP_rc2_cfb, EVP_rc2_ofb, EVP_rc2_40_cbc, EVP_rc2_64_cbc, EVP_bf_cbc, EVP_bf_ecb, EVP_bf_cfb64, EVP_bf_cfb, EVP_bf_ofb, EVP_cast5_cbc, EVP_cast5_ecb, EVP_cast5_cfb64, EVP_cast5_cfb, EVP_cast5_ofb, EVP_chacha20 — EVP cipher routinesSYNOPSIS
#include <openssl/evp.h>EVP_CIPHER_CTX_new(void);
EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx);
EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *ctx);
EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx);
EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx);
EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, ENGINE *impl, const unsigned char *key, const unsigned char *iv);
EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl);
EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, ENGINE *impl, const unsigned char *key, const unsigned char *iv);
EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl);
EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc);
EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl);
EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, const unsigned char *key, const unsigned char *iv);
EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, const unsigned char *key, const unsigned char *iv);
EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, const unsigned char *key, const unsigned char *iv, int enc);
EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl);
EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags);
EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags);
EVP_CIPHER_CTX_test_flags(EVP_CIPHER_CTX *ctx, int flags);
EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding);
EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);
EVP_get_cipherbyname(const char *name);
EVP_get_cipherbynid(int nid);
EVP_get_cipherbyobj(const ASN1_OBJECT *a);
EVP_CIPHER_nid(const EVP_CIPHER *e);
EVP_CIPHER_block_size(const EVP_CIPHER *e);
EVP_CIPHER_key_length(const EVP_CIPHER *e);
EVP_CIPHER_iv_length(const EVP_CIPHER *e);
EVP_CIPHER_flags(const EVP_CIPHER *e);
EVP_CIPHER_mode(const EVP_CIPHER *e);
EVP_CIPHER_type(const EVP_CIPHER *ctx);
EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, unsigned char *iv, size_t len);
EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const unsigned char *iv, size_t len);
EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
EVP_CIPHER_CTX_set_app_data(const EVP_CIPHER_CTX *ctx, void *data);
EVP_CIPHER_CTX_type(const EVP_CIPHER_CTX *ctx);
EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx);
EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx);
EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
DESCRIPTION
The EVP cipher routines are a high level interface to certain symmetric ciphers.RETURN VALUES
EVP_CIPHER_CTX_new() returns a pointer to a newly created EVP_CIPHER_CTX for success or NULL for failure.CIPHER LISTING
All algorithms have a fixed key length unless otherwise stated.- EVP_enc_null()
- Null cipher: does nothing.
- EVP_idea_cbc(), EVP_idea_ecb(), EVP_idea_cfb64(), EVP_idea_ofb()
- IDEA encryption algorithm in CBC, ECB, CFB and OFB modes respectively. EVP_idea_cfb() is an alias for EVP_idea_cfb64(), implemented as a macro.
- EVP_rc2_cbc(), EVP_rc2_ecb(), EVP_rc2_cfb64(), EVP_rc2_ofb()
- RC2 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key length cipher with an additional parameter called "effective key bits" or "effective key length". By default both are set to 128 bits. EVP_rc2_cfb() is an alias for EVP_rc2_cfb64(), implemented as a macro.
- EVP_rc2_40_cbc(), EVP_rc2_64_cbc()
- RC2 algorithm in CBC mode with a default key length and effective key length of 40 and 64 bits. These are obsolete and new code should use EVP_rc2_cbc(), EVP_CIPHER_CTX_set_key_length(), and EVP_CIPHER_CTX_ctrl() to set the key length and effective key length.
- EVP_bf_cbc(), EVP_bf_ecb(), EVP_bf_cfb64(), EVP_bf_ofb()
- Blowfish encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key length cipher. EVP_bf_cfb() is an alias for EVP_bf_cfb64(), implemented as a macro.
- EVP_cast5_cbc(), EVP_cast5_ecb(), EVP_cast5_cfb64(), EVP_cast5_ofb()
- CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key length cipher. EVP_cast5_cfb() is an alias for EVP_cast5_cfb64(), implemented as a macro.
- EVP_chacha20()
- The ChaCha20 stream cipher. The key length is 256 bits. The first 32 bits of the 128-bit IV are used as a counter, and the remaining 96 bits as a nonce.
GCM mode
For GCM mode ciphers, the behaviour of the EVP interface is subtly altered and several additional ctrl operations are supported.- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, NULL)
- Sets the IV length: this call can only be made before specifying an IV. If not called, a default IV length is used. For GCM AES the default is 12, i.e. 96 bits.
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, taglen, tag)
- Writes taglen bytes of the tag value to the buffer indicated by tag. This call can only be made when encrypting data and after all data has been processed, e.g. after an EVP_EncryptFinal() call.
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, taglen, tag)
- Sets the expected tag to taglen bytes from tag. This call is only legal when decrypting data and must be made before any data is processed, e.g. before any EVP_DecryptUpdate call.
CCM mode
The behaviour of CCM mode ciphers is similar to GCM mode, but with a few additional requirements and different ctrl values.and
out) set to NULL and the length passed in the inl parameter.- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, taglen, tag)
- This call is made to set the expected CCM tag value when decrypting or the length of the tag (with the tag parameter set to NULL) when encrypting. The tag length is often referred to as M. If not set, a default value is used (12 for AES).
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_L, ivlen, NULL)
- Sets the CCM L value. If not set, a default is used (8 for AES).
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, ivlen, NULL)
- Sets the CCM nonce (IV) length: this call can only be made before specifying a nonce value. The nonce length is given by 15 - L so it is 7 by default for AES.
EXAMPLES
Encrypt a string using blowfish:int do_crypt(char *outfile) { unsigned char outbuf[1024]; int outlen, tmplen; /* * Bogus key and IV: we'd normally set these from * another source. */ unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}; unsigned char iv[] = {1,2,3,4,5,6,7,8}; const char intext[] = "Some Crypto Text"; EVP_CIPHER_CTX *ctx; FILE *out; ctx = EVP_CIPHER_CTX_new(); EVP_EncryptInit_ex(ctx, EVP_bf_cbc(), NULL, key, iv); if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext))) { /* Error */ EVP_CIPHER_CTX_free(ctx); return 0; } /* * Buffer passed to EVP_EncryptFinal() must be after data just * encrypted to avoid overwriting it. */ if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) { /* Error */ EVP_CIPHER_CTX_free(ctx); return 0; } outlen += tmplen; EVP_CIPHER_CTX_free(ctx); /* * Need binary mode for fopen because encrypted data is * binary data. Also cannot use strlen() on it because * it won't be NUL terminated and may contain embedded * NULs. */ out = fopen(outfile, "wb"); if (out == NULL) { /* Error */ return 0; } fwrite(outbuf, 1, outlen, out); fclose(out); return 1; }
openssl bf -in cipher.bin -K 000102030405060708090A0B0C0D0E0F \ -iv 0102030405060708 -d
int do_crypt(FILE *in, FILE *out, int do_encrypt) { /* Allow enough space in output buffer for additional block */ unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH]; int inlen, outlen; EVP_CIPHER_CTX *ctx; /* * Bogus key and IV: we'd normally set these from * another source. */ unsigned char key[] = "0123456789abcdeF"; unsigned char iv[] = "1234567887654321"; ctx = EVP_CIPHER_CTX_new(); EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, NULL, NULL, do_encrypt); EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, do_encrypt); for (;;) { inlen = fread(inbuf, 1, 1024, in); if (inlen <= 0) break; if (!EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf, inlen)) { /* Error */ EVP_CIPHER_CTX_free(ctx); return 0; } fwrite(outbuf, 1, outlen, out); } if (!EVP_CipherFinal_ex(ctx, outbuf, &outlen)) { /* Error */ EVP_CIPHER_CTX_free(ctx); return 0; } fwrite(outbuf, 1, outlen, out); EVP_CIPHER_CTX_free(ctx); return 1; }