AIX 5L V5.2 and V5.3 Cryptographic Application Programming Interfaces

Published 25 July 2005

More options


Authors: Sandeep R Patil, Prashant Sodhiya


IBM AIX 5L V5.2 and V5.3 exports some very useful Cryptographic Application Programming Interfaces. This IBM Technote provides a brief explanation about the use of these APIs along with a sample program to help programmers when developing security-related modules.


IBM AIX 5L V5.2 and V5.3 exports a set of powerful cryptographic APIs via the libmodcrypt.a library. These interfaces provide various cryptographic functionalities that are very useful. These subroutines provide block and stream cipher algorithms, plus two crypto-secure hash algorithms: sign/verify and Diffie-hellman Key exchange algorithms. The use of these subroutines requires programmers to follow certain steps.

The sample program provided here demonstrates how these subroutines can be used to exercise certain cryptographic functions. The program is for programmers who intend to start using these APIs. Because these subroutines are exported in the libmodcrypt.a library and have their function declaration declared in xcrypt.h, you will have to install the modcrypt.base fileset (available on the AIX 5.2 / AIX 5.3 Expansion Pack CD) before making use of them.

The following cryptographic subroutines are exported by AIX5L V5.2 & V5.3:
xcrypt_key_setup, xcrypt_encrypt, xcrypt_decrypt, xcrypt_hash, xcrypt_malloc, xcrypt_free, xcrypt_printb, xcrypt_mac, xcrypt_hmac, xcrypt_sign, xcrypt_verify, xcrypt_dh_keygen, xcrypt_dh, xcrypt_btoa, and xcrypt_randbuff.
For syntax of these subroutines, refer to

Sample Program:
The sample program makes use of some of the xcrypt APIs mentioned above to demonstrate the following cryptographic functionalities:

  1. Encrypt/decrypt a sample message using the Triple Data Encryption Standard (TDES) block cipher.
  2. Calculate and print the hash of a sample massage.

With this program as a starting point, programmers can make use the subroutines mentioned above to perform various cryptographic operations required for their applications. The output is listed at the end of the code sample.

Note: This sample program was built using VisualAge C++ Professional / C for AIX Compiler, Version 6 and tested on AIX V5.3.

/* */
/* This sample program encrypts/decrypts data using 128-bit TDES(Triple DES) */
/* and then calculates MD5 hash of the data. */
/* */
/* Compilation option: */
/* cc -o xcrypt_test xcrypt_test.c /usr/lib/libmodcrypt.a */
/* */

#include "xcrypt.h"

void main(void)
unsigned char *plain_data = "This is a sample message";
unsigned char enc_data[128], dec_data[128], hash_data[128];
unsigned char *key = "12345678";
unsigned char *iv ;
xcrypt_key enc_key, dec_key;

/* Set up a key schedule for encryption */
if( xcrypt_key_setup( TDES, &enc_key, key, KEY_128, DIR_ENCRYPT) < 0 )
printf("\n xcrypt_key_setup failed.");

/* Print the message to be encrypted */
printf(" Plain data : %s", plain_data);
printf("\n Plain data in HEX : "); xcrypt_printb(plain_data,strlen(plain_data));

/* Set up the initialization vector for CBC mode */
iv=(uchar *)malloc(8);
memset(iv, '1', 8);

/* Encrypt 'plain_data' buffer and output to 'enc_data' buffer.
* Here algType is TDES. Other supported algTypes are RIJNDAEL(AES),
if( xcrypt_encrypt( TDES, MODE_CBC, &enc_key, iv, plain_data, strlen(plain_data),
enc_data, FALSE) <0 )
printf("\n xcrypt_encrypt failed.");

/* Print encrypted data to screen in hex */
printf("\n Encrypted data : "); xcrypt_printb(enc_data,strlen(enc_data));

/* Set up a key schedule for decryption */
if( xcrypt_key_setup( TDES, &dec_key, key, KEY_128, DIR_DECRYPT) <0)
printf("\n xcrypt_key_setup failed.");

/* Re-initialize initialisation vector */
memset(iv, '1', 8);

/* Decrypt 'enc_data' buffer and output to 'dec_data' buffer */
if( xcrypt_decrypt( TDES, MODE_CBC, &dec_key, iv, enc_data, strlen(enc_data),
dec_data, FALSE) <0)
printf("\n xcrypt_decrypt failed.\n");

/* Print decrypted data */
printf("\n Decrypted data : %s",dec_data);
printf("\n Decrypted data in HEX : "); xcrypt_printb(dec_data,strlen(dec_data));

/* Compare the decrypted buffer with the original data buffer */
if(strcmp(plain_data, dec_data) != 0)
printf("\n decrypt Failed\n");

/* Hash the 'plain_data' buffer and output to 'hash_data' buffer
* Here 'plain_data' is hashed by MD5 algorithm. Other supported algorithm is SHA1
if( xcrypt_hash( MD5, plain_data, strlen(plain_data), hash_data) <0 )
printf("\n xcrypt_hash failed. ");

/* Print hash of the data to screen in hex */
printf("\n Hash of the data : "); xcrypt_printb(hash_data,strlen(hash_data));

This the output of the program:

Plain data : This is a sample message
Plain data in HEX : 5468697320697320612073616D706C65206D657373616765
Encrypted data : 547E573393DC34555072A50C53C322E5BB90E8E7C62C5B8D
Decrypted data : This is a sample message
Decrypted data in HEX : 5468697320697320612073616D706C65206D657373616765
Hash of the data : B00BEC976AD74F785DAAA810B8FCA81E

Special Notices

This material has not been submitted to any formal IBM test and is published AS IS. It has not been the subject of rigorous review. IBM assumes no responsibility for its accuracy or completeness. The use of this information or the implementation of any of these techniques is a client responsibility and depends upon the client's ability to evaluate and integrate them into the client's operational environment.

Follow IBM Redbooks

Follow IBM Redbooks