Test Vectors for AES-128-ECB and OpenSSL

2
votes

I am running one of the test vectors for AES-128-ECB given at http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf . I am storing the plain text in "plain" file and resultant encrypted text in "cipher" file. OpenSSL being used by me is not build with FIPS support. I am unable to get results given in the test vector. Am I doing something wrong or is this expected result for OpenSSL without FIPS support ? Thanks,

Test Vector

Key 2b7e151628aed2a6abf7158809cf4f3c <===Key

Block #1

Plaintext 6bc1bee22e409f96e93d7e117393172a <==Plaintext

Input Block 6bc1bee22e409f96e93d7e117393172a

Output Block 3ad77bb40d7a3660a89ecaf32466ef97

Ciphertext 3ad77bb40d7a3660a89ecaf324 <== Ciphertext

My Results

[root@fn] echo 6bc1bee22e409f96e93d7e117393172a > plain

[root@fn] cat plain

6bc1bee22e409f96e93d7e117393172a

[root@fn] openssl enc -aes-128-ecb -p -nosalt -K 2b7e151628aed2a6abf7158809cf4f3c -in plain -out cipher

key=2B7E151628AED2A6ABF7158809CF4F3C

[root@fn] cat cipher

�w*E�苅�Pg���

[root@fn] hexdump -C cipher

00000000 cc fd 74 a0 75 78 42 23 4c cb ef 59 85 af 68 b1 <===

00000010 5f c0 01 83 c0 e8 73 8b e4 6a 73 e8 58 36 9b 4d

00000020 cb 77 1e 2a 45 1b 61 dd 85 1a f0 50 67 ab cf fc

00000030

1
encryptionopensslaesfips
Your title says CBC but the test you quote, and attempt, is ECB. Also you quoted the Ciphertext wrong; it should be identical to the Output Block.dave_thompson_085
@dave_thompson_085 , Thanks for pointing out corrections. I will edit the question to fix these mistakes.user2363993
Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See What topics can I ask about here in the Help Center. Perhaps Super User or Information Security Stack Exchange would be a better place to ask.jww

1 Answers

2
votes

The AES-128 standard has a block size of 128/8=16 bytes. That means that the plaintext, the key, and the cipher, which you saw on that link are in represented in hex(32 chars length each). If you want to achieve the same results as on that link you will have to decode your plaintext from hex back to ascii chars; otherwise the openssl will consider your hexadecimal representation as ascii chars and will encrypt that, hence you will end up with(as you can notice in your result) 3x16 encrypted bytes, 2x16 bytes for your plaintext(which is 32 bytes because is in its hexadecimal representation), and 1x16 bytes is for padding(PKCS#7 standard requires it)

So try to transform your plaintext back to ascii chars; run the folowing commands in shell:

python -c "print '6bc1bee22e409f96e93d7e117393172a'.decode('hex')" > plaintext
openssl enc -aes-128-ecb -p -nosalt -K 2b7e151628aed2a6abf7158809cf4f3c -in plaintext -out ciphertext
hexdump -C ciphertext

The result from the last command will look like:

00000000  3a d7 7b b4 0d 7a 36 60  a8 9e ca f3 24 66 ef 97
00000010  cb 77 1e 2a 45 1b 61 dd  85 1a f0 50 67 ab cf fc

The last 16 bytes are the padding, as per PKCS#7 standard. This standard "forces" the encryption algorithm to always add padding to your plain text before encrypting it, according to the following formula: padding_length = block_size - plaintext_length%block_size, and the padded char will be the ascii char representation of padding_length