Skip to main content

Crypto: Encrypt and decrypt with AES-128 CTR

Relevant previous posts:

I needed a way how to encrypt and decrypt some data. I have chosen a symmetric encryption via AES, because asymmetric encryption would take too long. Moreover, the fact that symmetric encryption produces the exat same number of bytes was very beneficial for my use case.

In the code below, I use AES-128 in CTR mode. The reason for not using GCM (as you normally should!) is because I wanted to jump anywhere in the encrypted data and simply read a block.

For example, imagine that you are encrypting 1GB of data. With GCM, in order to decrypt the next block of data, you need to first decrypt the current block of data. You can not simply jump to any offset. With CTR you can, because the block is not dependent on the previous block.

There is an overhead that you need to store the initialization vector somewhere, for example with the data.

You could do similar with the GCM, where you have a “super block” of some MB size. If you want to jump to some position, you start decoding from the start of the “super block”, not from the global start.

For my use case it was easier to use CTR mode and store the initialization vector with the data.

Note! I am not a cryptography expert. Don’t use this for production. I am simply sharing what I have used and what worked in my very specific use case. Do your own research first.

Moreover, don’t reinvent cryptography from scratch, use an already existing solutions (not this).

Header:

#pragma once

#include <array>
#include <memory>
#include <string>
#include <vector>

typedef struct evp_cipher_st EVP_CIPHER;
typedef struct evp_md_st EVP_MD;
typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;

class AES {
public:
    static constexpr size_t ivecLength = 16;
    static constexpr size_t keyLength = 16;

    explicit AES(const std::vector<uint8_t>& sharedKey);
    ~AES();

    // Encrypt data from `src` of some `size` and put the encrypted data to `dst`.
    // The destination needs to be at least size of `size + ivecLength` bytes long,
    // because the IV is stored at the start of the destination.
    size_t encrypt(const void* src, void* dst, size_t size);
    
    // The `src` is the encrypted data of some size `size`.
    // The `size` represents the size of the encrypted data with IV (see `encrypt()` function!).
    // The `dst` needs to be at least size of `size - ivecLength` bytes long.
    // The IV needs to be stored at the beginning of `src` data.
    size_t decrypt(const void* src, void* dst, size_t size);

private:
    static void evpDeleter(EVP_CIPHER_CTX* p);
    static const EVP_CIPHER* cipher;
    static const EVP_MD* digest;

    std::array<uint8_t, keyLength> key{};
    std::array<uint8_t, ivecLength> ivec{};
};

Source:

#include "AES.hpp"
#include <cstring>
#include <openssl/evp.h>
#include <openssl/rand.h>

const EVP_CIPHER* AES::cipher = EVP_get_cipherbyname("aes-128-ctr");
const EVP_MD* AES::digest = EVP_get_digestbyname("sha256");

AES::AES(const std::vector<uint8_t>& sharedKey) {
    if (!cipher) {
        throw std::runtime_error("Failed to get cipher by name");
    }

    if (!digest) {
        throw std::runtime_error("Failed to get digest by name");
    }
    
    if (sharedKey.size() != key.size()) {
        throw std::runtime_error("Wrong key size");
    }

    std::memcpy(key.data(), sharedKey.data(), key.size());

    // Initialize IV with random data
    RAND_bytes(ivec.data(), static_cast<int>(ivec.size()));
}

AES::~AES() = default;

size_t AES::encrypt(const void* src, void* dst, const size_t size) {
    std::memcpy(dst, ivec.data(), ivecLength);

    std::unique_ptr<EVP_CIPHER_CTX, decltype(&evpDeleter)> ctx{EVP_CIPHER_CTX_new(), &evpDeleter};

    if (EVP_EncryptInit_ex(ctx.get(), cipher, nullptr, key.data(), ivec.data()) != 1) {
        return 0;
    }

    int result;
    if (EVP_EncryptUpdate(ctx.get(),
                          reinterpret_cast<unsigned char*>(dst) + ivecLength,
                          &result,
                          reinterpret_cast<const unsigned char*>(src),
                          static_cast<int>(size)) != 1 ||
        result < 0) {
        return 0;
    }

    int final;
    if (EVP_EncryptFinal_ex(ctx.get(), reinterpret_cast<unsigned char*>(dst) + ivecLength + result, &final) != 1) {
        return 0;
    }

    if (EVP_CIPHER_CTX_get_updated_iv(ctx.get(), &ivec[0], ivec.size()) != 1) {
        return 0;
    }

    return static_cast<size_t>(result) + static_cast<size_t>(final) + ivecLength;
}

size_t AES::decrypt(const void* src, void* dst, const size_t size) {
    if (size <= ivecLength) {
        return 0;
    }

    std::unique_ptr<EVP_CIPHER_CTX, decltype(&evpDeleter)> ctx{EVP_CIPHER_CTX_new(), &evpDeleter};

    const auto start = reinterpret_cast<const unsigned char*>(src);

    if (EVP_DecryptInit_ex(ctx.get(), cipher, nullptr, key.data(), start) != 1) {
        return 0;
    }

    int result;
    if (EVP_DecryptUpdate(ctx.get(),
                          reinterpret_cast<unsigned char*>(dst),
                          &result,
                          start + ivecLength,
                          static_cast<int>(size - ivecLength)) != 1 ||
        result < 0) {
        return 0;
    }

    int final;
    if (EVP_DecryptFinal_ex(ctx.get(), reinterpret_cast<unsigned char*>(dst) + result, &final) != 1) {
        return 0;
    }

    return static_cast<size_t>(result) + static_cast<size_t>(final);
}

void AES::evpDeleter(EVP_CIPHER_CTX* p) {
    EVP_CIPHER_CTX_free(p);
}