Hi guys, another problem about openssl:

I have this command:

openssl enc -aes-192-cbc -pbkdf2 -e -in <infile> -out <outfile> -pass pass:password

Now I have only the ciphertext produced by this command, and I know the password, so I also know the salt, which is the first 8 bytes of the ciphertext after the string "Salted__". I also know that openssl by default takes an iteration count of 1000 and sha256 as the digest. My problem is: how can I get back the derived key and derived IV from C?

My code is this, but it does not return the right values:

#include <stdio.h>
#include <string.h>
#include <openssl/evp.h>

void handleErrors(void); /* defined elsewhere: dumps the OpenSSL error queue and aborts */

void decrypt(unsigned char *ciphertext, int ciphertext_len, unsigned char *plaintext, const char *password, unsigned char* salt){
    EVP_CIPHER_CTX *ctx;

    int len;

    int plaintext_len;

    // right values (taken from the terminal):
    //   key = EF04020D6979FC09CC1859A2BFB832FFFCF57C64BA61F682
    //   iv  = 722EDDC813763C9AAB96A0A6885CE1DB
    unsigned char key[24], iv[16];

    int i;

    PKCS5_PBKDF2_HMAC(password, strlen(password), (unsigned char*)salt, strlen(salt), 1000, EVP_sha256(), 16, key);

    EVP_BytesToKey(EVP_aes_192_cbc(), EVP_sha256(), (unsigned char*)salt, (unsigned char*)password, strlen(password), 1000, key+16, iv);

    printf("Key: "); for(i=0; i < 24; ++i){ printf("%02x", key[i]); } printf("\n");
    printf("IV: "); for(i=0; i < 16; ++i){ printf("%02x", iv[i]); } printf("\n\n");

    //Create and initialise the context
    if(!(ctx = EVP_CIPHER_CTX_new()))
        handleErrors();

    //Initialise the decryption operation. IMPORTANT - ensure you use a key
    //and IV size appropriate for your cipher
    if(1 != EVP_DecryptInit_ex(ctx, EVP_aes_192_cbc(), NULL, key, iv))
        handleErrors();

    //Provide the message to be decrypted, and obtain the plaintext output.
    //EVP_DecryptUpdate can be called multiple times if necessary.
    if(1 != EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len))
        handleErrors();
    plaintext_len = len;

    //Finalise the decryption. Further plaintext bytes may be written at
    //this stage.
    if(1 != EVP_DecryptFinal_ex(ctx, plaintext + len, &len))
        handleErrors();
    plaintext_len += len;

    //Clean up
    EVP_CIPHER_CTX_free(ctx);
}

The right values are in the comments and I took them from the terminal.... but my C code doesn't return those values. I think this depends on the fact that I don't translate the -pbkdf2 key derivation well... Help me please

rustyx
Valerio Coretti

1 Answer

I solved this problem by looking at the source code of openssl on GitHub:

https://github.com/openssl/openssl/blob/master/apps/enc.c

Valerio Coretti