P0TA70

How to properly implement HKDF Expand with openssl EVP_KDF

I am trying to manually get around Bitwarden's encryption, and I am getting wrong results when using OpenSSL according to this page: https://wiki.openssl.org/index.php/EVP_Key_Derivation . I want to use OpenSSL to HKDF-expand the "master key" in Bitwarden into the "stretched master key."

I discovered that the Python cryptography library's HKDFExpand produces correct results after finding this project: https://github.com/GurpreetKang/BitwardenDecrypt (lines 133-139), so how can I make OpenSSL behave similarly to HKDFExpand?

The only changes I have made to the example are removing the salt param and instead adding a mode param using

int a = EVP_KDF_HKDF_MODE_EXPAND_ONLY;
*p++ = OSSL_PARAM_construct_int("mode", &a);

I also changed the key (censored here) and info params:

*p++ = OSSL_PARAM_construct_octet_string(
      "key", "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=", (size_t)44);

*p++ = OSSL_PARAM_construct_octet_string("info", "enc", (size_t)3);

The rest is the same, just with error() replaced by printf(). The code works, but converting the hex output to base64 shows a different stretched key than the one on https://bitwarden.com/crypto.html and the one generated by that Python file.

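Added example (not code from the question, the OpenSSL wiki or the linked BitwardenDecrypt project): a stdlib-only HKDF per RFC 5869, so the expand-only step can be recomputed independently and compared byte for byte against what OpenSSL's EVP_KDF returns; it is checked against the RFC 5869 SHA-256 test vector. It assumes, as stated in the code comments, that the censored 44-character "XXX...=" key is base64 text for a 32-byte key and must be decoded before it becomes the KDF key, whereas the posted OSSL_PARAM feeds the 44 ASCII characters themselves.

```python
import base64
import hashlib
import hmac

HASH_LEN = hashlib.sha256().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 step 1: PRK = HMAC-SHA256(salt, IKM); an empty salt means HashLen zero bytes."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 step 2 on its own: OKM = T(1) | T(2) | ... truncated to `length` bytes.
    This is what OpenSSL's EVP_KDF_HKDF_MODE_EXPAND_ONLY and cryptography's HKDFExpand
    compute; `prk` is used directly as the HMAC key, so its exact bytes matter."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF-Expand cannot produce more than 255 * HashLen bytes")
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), hashlib.sha256).digest()
        okm += t
        counter += 1
    return okm[:length]


def stretch_master_key(master_key_b64: str) -> bytes:
    """Expand a base64-encoded 32-byte master key with info "enc" into a 32-byte key.
    Assumption (not stated in the question): the 44-character "XXX...=" string is base64
    text for 32 raw bytes, so it has to be decoded before it becomes the KDF key rather
    than being passed as 44 ASCII bytes, which is what the posted OSSL_PARAM does."""
    prk = base64.b64decode(master_key_b64, validate=True)
    if len(prk) != HASH_LEN:
        raise ValueError("expected a base64-encoded 32-byte master key")
    return hkdf_expand(prk, b"enc", 32)


def rfc5869_test_case_1() -> bytes:
    """Reproduce RFC 5869 test case 1 (SHA-256) so the expand step can be checked alone."""
    ikm = bytes.fromhex("0b" * 22)
    salt = bytes.fromhex("000102030405060708090a0b0c")
    info = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9")
    return hkdf_expand(hkdf_extract(salt, ikm), info, 42)


if __name__ == "__main__":
    # Constructed sample key: 32 bytes of 0x11, base64-encoded to 44 characters like the posted one.
    sample_b64 = base64.b64encode(b"\x11" * 32).decode()
    print("expand on decoded key:", base64.b64encode(stretch_master_key(sample_b64)).decode())
    print("expand on base64 text:", base64.b64encode(hkdf_expand(sample_b64.encode(), b"enc", 32)).decode())
```

The two printed values differ; whichever of them matches the OpenSSL output tells you which bytes the EVP_KDF "key" param actually received.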

Answers (0)