CODEWITHSUNDEEP
capacheencryptionopenssl
eeadev
eeadev

Reputation: 3852

Openssl decryption does not find the same value as before encryption

I am using DES_ecb_encrypt for encrypting the cookie and afterward I am decrypting the same value and I expect to find the very same value.

I am using those functions:

void algo_crypt(request_rec *r) {
    char cookie[] = "VAR=USER123456";
    unsigned char key_md5[16];
    int len;
    const_DES_cblock *input;
    DES_cblock *output;
    unsigned char in[BUFSIZE], out[BUFSIZE], back[BUFSIZE];
    unsigned char *e = out;
    DES_cblock key = "MyKey";
    DES_cblock seed = {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10};
    DES_key_schedule keysched;

    memset(in, 0, sizeof(in));
    memset(out, 0, sizeof(out));
    memset(back, 0, sizeof(back));

     DES_set_key((C_Block *)key, &keysched);

     strcpy(in, cookie);

     ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Plaintext: [%s]\n", in);

     DES_ecb_encrypt((C_Block *)cookie,(C_Block *)out, &keysched, DES_ENCRYPT);

     am_cookie_set(r, out);

     ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Ciphertext out: %s", out);

     while (*e)
         ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
             "algo_crypt [%02x] ", *e++);

}

and this for decryption:

void algo_decrypt(request_rec *r) {
    unsigned char key_md5[16];
    int len;
    const_DES_cblock *input;
    DES_cblock *output;
    unsigned char in[BUFSIZE], back[BUFSIZE];
    unsigned char out[] = {0xb8, 0xa8, 0xb0, 0x54, 0x40, 0x23, 0xd1, 0x25};
    unsigned char *e = out;

    DES_cblock key = "MyKey";
    DES_key_schedule keysched;

    memset(back, 0, sizeof(back));

    DES_set_key((C_Block *)key, &keysched);

    char *mycookie = am_cookie_get(r);

    DES_ecb_encrypt((C_Block *)mycookie, (C_Block *)back, &keysched, DES_DECRYPT);

    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Decrypted Text: [%s]\n", back);
}

but the print returns this: 

Decrypted Text: [VAR=USER]\n

What am I doing wrong?

I am using openssl, C and I am working on Apache using ubuntu

Upvotes: 0

Views: 285

Answers (1)

Maarten Bodewes
Maarten Bodewes

Reputation: 93948

I'm seeing two key_md5 variables that aren't used. It's likely that you need to perform an MD5 hash on the "key" input, which is really a password, not a key.

Now the problem is that DES expects a 56 bit key, encoded in 8 bytes (1 bit parity per byte). However, your "key" consists of 5 characters / bytes. So three bytes are unknown. As you can see, the C function doesn't contain a length parameter and it doesn't know the size of your array (because it is just a pointer).

So it takes 5 characters and the 3 bytes right behind them. And as those may have any value, you will have an indeterminate result. Of course, as the output of a block cipher looks randomized anyway, it is impossible to detect this; it will however still fail on decryption unless you're extremely "lucky" and have the same values behind the "MyKey" string for both encryption and decryption.

Upvotes: 2

Related Questions