I'm looking at the crypto library examples (programmed in C) provided for OpenSSL EVP on the OpenSSL Wiki.

Their example for a 128 bit Initialization Vector is as follows:

```c
/* A 128 bit IV */
unsigned char *iv = (unsigned char *)"01234567890123456";
```

0-9 -> 10 chars
0-6 -> 7 chars
Total: 17 chars

Each char is 1 byte (8 bits) on my system. Hence the IV is 8*17 = 136 bits. Why are they saying that the total IV size is 128 bits? Is this an off-by-1 error or am I missing something?

Nic
  • Looks like somebody miscounted. It's probably gone unnoticed because in any location where that `iv` pointer will actually be used, only the first 16 bytes will ever be accessed. – Stephen Touset Feb 24 '17 at 00:32
  • Oops. Mea culpa. I fixed the wiki. – Matt Caswell Feb 24 '17 at 08:56
  • @MattCaswell Could you note that the IV should be random for CBC as well and prefix the IV to the ciphertext in the example? PS pretty funny part in the wiki: "Make sure you use the right key and IV length for the cipher you have selected, or it will go horribly wrong!! " ;) – Maarten Bodewes Mar 01 '17 at 23:24
  • @MaartenBodewes I added a comment about the IV being random. Don't have time to modify the code sample at the moment...but feel free to do so yourself if you wish! – Matt Caswell Mar 02 '17 at 09:13
  • You should post it as an answer and accept it, it is still showing as unanswered. – Peter Harmann Apr 20 '18 at 09:31
  • @PeterHarmann Since OP apparently didn't want to, I've taken the liberty of posting what they edited into their question as a standalone answer. – Nic Jul 09 '19 at 17:29

1 Answer

Moved from the question to an answer.

Stephen was correct. This was very simple to check: I just changed the IV to be the correct length and the ciphertext remained the same. Hence, the extra byte is not used in the algorithm and somebody miscounted.

Default IV:

```c
/* A 128 bit IV */
unsigned char *iv = (unsigned char *)"01234567890123456";
```

Output:

```
Ciphertext is:
0000 - e0 6f 63 a7 11 e8 b7 aa-9f 94 40 10 7d 46 80 a1   .oc.......@.}F..
0010 - 17 99 43 80 ea 31 d2 a2-99 b9 53 02 d4 39 b9 70   ..C..1....S..9.p
0020 - 2c 8e 65 a9 92 36 ec 92-07 04 91 5c f1 a9 8a 44   ,.e..6.....\...D
```

New IV:

```c
/* A 128 bit IV */
unsigned char *iv = (unsigned char *)"0123456789012345";
```

Run make again to build the program.

Output:

```
Ciphertext is:
0000 - e0 6f 63 a7 11 e8 b7 aa-9f 94 40 10 7d 46 80 a1   .oc.......@.}F..
0010 - 17 99 43 80 ea 31 d2 a2-99 b9 53 02 d4 39 b9 70   ..C..1....S..9.p
0020 - 2c 8e 65 a9 92 36 ec 92-07 04 91 5c f1 a9 8a 44   ,.e..6.....\...D
```
Nic
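Added example, not part of the original answer or the OpenSSL wiki code: a self-contained C model of why the 17th byte made no difference, next to a length-checked variant that would have flagged the miscount. The helpers `load_iv_unchecked`, `load_iv_checked` and `effective_iv_equal` are hypothetical, and the bare-pointer copy models the behaviour described in the comment above rather than reproducing OpenSSL's source.

```c
#include <stdio.h>
#include <string.h>

#define IV_BYTES 16 /* 128-bit IV, as the wiki comment intends */

/* Hypothetical helper modelling an API that gets the IV as a bare pointer
 * with no length: it copies exactly IV_BYTES and never sees what follows. */
static void load_iv_unchecked(unsigned char dst[IV_BYTES], const unsigned char *iv)
{
    memcpy(dst, iv, IV_BYTES);
}

/* Hypothetical checked variant: the caller states the length, and anything
 * other than exactly IV_BYTES is rejected. Returns 0 on success, -1 on error. */
static int load_iv_checked(unsigned char dst[IV_BYTES], const unsigned char *iv, size_t iv_len)
{
    if (iv == NULL || iv_len != IV_BYTES)
        return -1;
    memcpy(dst, iv, IV_BYTES);
    return 0;
}

/* Returns 1 when two NUL-terminated strings of at least IV_BYTES characters
 * give the same effective IV under the unchecked model, 0 otherwise. */
static int effective_iv_equal(const char *a, const char *b)
{
    unsigned char ia[IV_BYTES], ib[IV_BYTES];
    if (strlen(a) < IV_BYTES || strlen(b) < IV_BYTES)
        return 0; /* refuse to read past a short string */
    load_iv_unchecked(ia, (const unsigned char *)a);
    load_iv_unchecked(ib, (const unsigned char *)b);
    return memcmp(ia, ib, IV_BYTES) == 0;
}

int main(void)
{
    const char *iv17 = "01234567890123456"; /* the wiki's original literal */
    const char *iv16 = "0123456789012345";  /* the corrected literal */
    unsigned char buf[IV_BYTES];

    printf("lengths: %zu and %zu\n", strlen(iv17), strlen(iv16));
    printf("same effective IV: %d\n", effective_iv_equal(iv17, iv16));
    printf("checked, 17 bytes: %d\n",
           load_iv_checked(buf, (const unsigned char *)iv17, strlen(iv17)));
    printf("checked, 16 bytes: %d\n",
           load_iv_checked(buf, (const unsigned char *)iv16, strlen(iv16)));
    return 0;
}
```

Passing the length explicitly turns a silent miscount into a rejected call, and it also catches the opposite mistake, a literal shorter than 16 bytes, where a bare-pointer copy would read past the end of the string.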