OpenSSL for Matlab

Tonight I’m going to discuss OpenSSL for Matlab – which has been tested against Matlab for Windows and Mac OS X.

This code was written strictly to make it easier to look at various algorithms and modes under different circumstances.  However, its a neat tool and has many uses beyond its original intentions.

- First step (assuming you already have Matlab) is to build the project.  BuildMex is a helper routine to automatically complete the process.  If you change the default install path of OpenSSL that change will need to be taken into account in buildMex.  I think the path and potential change that may be necessary is obvious (ispc() – is windows only):

if(ispc())

options = [' C:\openssl\lib\libeay32.lib -IC:\openssl\include ' options];

elseif(isunix())

options = [options ' -I/usr/local/ssl/lib -lssl -lcrypto '];

end

- Step two, now that everything is built we need to make sure everything is working, example.m will verify that.

This is the output:

>> example
Test 1a Passed
Test 1b Passed
Test 1c Passed
Test 1d Passed
Test 2 Passed
Test 3 Passed

So, now that we know everything is working lets take a look at whats going on.  I’m not going to give an overly in depth description of OpenSSL, but I will describe this tool and the inputs which feed directly into OpenSSL.  Look for a more in depth discussion on OpenSSL in the future.

I’m going to start with a simple example and work up from there.

% Test 1a: Basic Encryption / Decryption

dataToEncrypt = uint8(1:255);

encryptedData = mexEVP_Encrypt(‘data’,dataToEncrypt);

decrypted = mexEVP_Decrypt(‘data’,encryptedData);


This example starts by generating data of type UINT8.  It then encrypts it and decrypts it.  If you were to plot dataToEncrypt & encryptedData it will look like this:


While the example above is powerful, it doesn’t support doubles – the primary Matlab data type.  We need a way to convert from double to uint8 and back again with out losing data.  Which leads to example 2:


%Test 2: Data Conversion

dataStart = 1:255;


toUint8 = [];

for J=1:length(dataStart)

temp = double2uint8(dataStart(J));

toUint8 = [toUint8; temp];

end


toDouble = [];

for J=1:8:length(toUint8)

temp = uint82double(toUint8(J:J+7));

toDouble = [toDouble; temp];

end


The code above is straight forward with a basic understanding of whats happening.  Keep in mind a double is 8 bytes and a uint8 is 1 byte and there are 8 bits in 1 byte.  So each double in the dataStart array needs to be converted to a uint8 – the first loop accomplishes that.  It iterates over each element and appends it to the toUint8 array – which will have 8x more elements than the input array.  The toUint8 array could be passed in the mexEVP_Encrypt function at this point as in the first example.  The avid Matlab user will also notice the guts of each loop can be reduced to 1 line – more on that in a few minutes.


So lets assume we have just returned from the mexEVP_Decrypt function – we will need to convert the uint8 array back to doubles.  This loop looks pretty similar to the first loop with one major difference – the number of elements being passed into uint82double.  Since the are 8 bytes in a double – 8 bytes need to be passed in.  Thats why J:J+7 is passed in – 8 bytes are passed in and 1 double (8 bytes) is returned.


With any luck you know have a basic understanding of how to encrypt and decrypt data that is a uint8 or a double.  We are missing a few key things at this point like:

  1. Which algorithm – with mode and size is being run?
  2. What key is being used to encrypt my data?
  3. What IV is being used in tandem to encrypt my data?

I’m going to point out the included help – if you run mexEVP_Encrypt with no inputs this will output:

mexEVP_Encrypt:

data: What data would you like to encrypt?  This is the only required option…

key: what key would you like the data it be encrypted with?

IV: The initialization vector used to speed some algorithms up

Supported Ciphers: (Reference OpenSSL documentation for current & complete list)

Currently Defaults to: aes-128-cbc

AES: aes-128-ecb, aes-128-cbc, aes-192-ecb, aes-192-cbc, aes-256-ecb, aes-256-cbc

Blowfish: bf-ecb, bf-cbc, bf-cfb, bf-ofb

Cast: cast-ecb, cast-cbc, cast-cfb, cast-ofb

DES: des-ecb, des-cbc, des-cfb, des-ofb

DESX: desx

3DES: des-ede3, des-ede3-cbc, des-ede3-cfb, des-ede3-ofb, des-ede, des-ede-cbc, des-ede-cfb, des-ede-ofb

IDEA: idea-ecb, idea-cbc, idea-cfb, idea-ofb

I’m also going to point out one other functions: mexRandom


mexRandom can be used to generate a random Key & IV though the official OpenSSL mechanism.


Lets put the basic understanding together with everything else we learned so far – into one large example:


% Test (not in example.m): Encryption / Decryption – random key, iv & custom algorithm

dataToEncrypt = 1:0.25:25;

[key, iv] = mexRandom(‘key’,’iv’);


toUint8 = [];

for J=1:length(dataToEncrypt)

toUint8 = [toUint8; double2uint8(dataToEncrypt(J))];

end


encryptedData = mexEVP_Encrypt(‘data’,toUint8,’key’,key,’iv’,iv,’cipher’,’bf-cbc’);

decrypted = mexEVP_Decrypt(‘data’,encryptedData,’key’,key,’iv’,iv,’cipher’,’bf-cbc’);


toDouble = [];

for J=1:8:length(decrypted)

toDouble = [toDouble; uint82double(decrypted(J:J+7))];

end

Which can be easily verified by summing the difference of dataToEncrypt and toDouble:


>> sum(dataToEncrypt – toDouble’)


ans =


0


Now I that that we now the output is valid look at the inputs.

mexRandom is generating a key and and an iv, here is a sample key:



The cipher being passed in is ‘bf-cbc’ – blowfish with a cbc mode.
I realize at this point your probably a bit saturated and more description about is what is going on behind the curtain is needed.  I’m going to cover more about that in a later post, but in the mean time I encourage you to use this code, take a look through my first post, wikipedia, and the OpenSSL website for more details.



About these ads
This entry was posted in Uncategorized. Bookmark the permalink.

One Response to OpenSSL for Matlab

  1. Pingback: Encryption Modes | Anthony's Thoughts

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s