Merge pull request #183 from skalenetwork/enhancement/update-te#176

switch to aes cbc mode#176
skalenetwork · May 6, 2022 · f35bc5b · f35bc5b
2 parents af23ca5 + 98b7523
commit f35bc5b
Showing 1 changed file with 4 additions and 10 deletions.
diff --git a/tools/utils.cpp b/tools/utils.cpp
@@ -358,19 +358,16 @@ std::vector< uint8_t > ThresholdUtils::aesEncrypt(
     std::vector< unsigned char > output;
     output.resize( enc_length, '\0' );
 
-    unsigned char tag[AES_BLOCK_SIZE];
     unsigned char iv[AES_BLOCK_SIZE];
     RAND_bytes( iv, sizeof( iv ) );
-    std::copy( iv, iv + 16, output.begin() + 16 );
+    std::copy( iv, iv + 16, output.begin() );
 
     int actual_size = 0, final_size = 0;
     EVP_CIPHER_CTX* e_ctx = EVP_CIPHER_CTX_new();
-    EVP_EncryptInit( e_ctx, EVP_aes_256_gcm(), ( const unsigned char* ) key.c_str(), iv );
+    EVP_EncryptInit( e_ctx, EVP_aes_256_cbc(), ( const unsigned char* ) key.c_str(), iv );
     EVP_EncryptUpdate( e_ctx, &output[64], &actual_size, ( const unsigned char* ) plaintext.data(),
         plaintext.length() );
     EVP_EncryptFinal( e_ctx, &output[64 + actual_size], &final_size );
-    EVP_CIPHER_CTX_ctrl( e_ctx, EVP_CTRL_GCM_GET_TAG, 16, tag );
-    std::copy( tag, tag + 16, output.begin() );
     std::copy( iv, iv + 16, output.begin() + 16 );
     output.resize( 64 + actual_size + final_size );
     EVP_CIPHER_CTX_free( e_ctx );
@@ -381,19 +378,16 @@ std::string ThresholdUtils::aesDecrypt(
     const std::vector< uint8_t >& ciphertext, const std::string& key ) {
     initAES();
 
-    unsigned char tag[AES_BLOCK_SIZE];
     unsigned char iv[AES_BLOCK_SIZE];
-    std::copy( ciphertext.begin(), ciphertext.begin() + 16, tag );
-    std::copy( ciphertext.begin() + 16, ciphertext.begin() + 32, iv );
+    std::copy( ciphertext.begin(), ciphertext.begin() + 16, iv );
     std::vector< unsigned char > plaintext;
     plaintext.resize( ciphertext.size(), '\0' );
 
     int actual_size = 0, final_size = 0;
     EVP_CIPHER_CTX* d_ctx = EVP_CIPHER_CTX_new();
-    EVP_DecryptInit( d_ctx, EVP_aes_256_gcm(), ( const unsigned char* ) key.c_str(), iv );
+    EVP_DecryptInit( d_ctx, EVP_aes_256_cbc(), ( const unsigned char* ) key.c_str(), iv );
     EVP_DecryptUpdate(
         d_ctx, &plaintext[0], &actual_size, &ciphertext[64], ciphertext.size() - 64 );
-    EVP_CIPHER_CTX_ctrl( d_ctx, EVP_CTRL_GCM_SET_TAG, 16, tag );
     EVP_DecryptFinal( d_ctx, &plaintext[actual_size], &final_size );
     EVP_CIPHER_CTX_free( d_ctx );
     plaintext.resize( actual_size + final_size, '\0' );