Extracting decrypt key for AES from openssl on client side












2















I have implemented AES 128 encrypt and decrypt functions and tested it with sample data and it checks out perfectly. I used the following reference:
https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.197.pdf



Next I implemented a dummy SSL client and SSL server which uses openssl to send and receive data. It is working without any error and the messages are exchanged seamlessly.



My main goal here is to use openssl for initial handshake sequence. Once the connection is established between server and client, decrypt the incoming message (this time not using the openssl api but rather by using the decrypt AES function implemented earlier) and print and similarly for outgoing message. We will focus on incoming messages.



For this of course I will need the decrypt key and IV. I got the decrypt key(read key) on client side like following: (ssl is the SSL* structure of openssl for the established connection, I am accessing the source code structures of openssl directly)



//following struct copied from crypto/evp/e_aes.c
typedef struct {
union {
double align;
AES_KEY ks;
} ks;
block128_f block;
union {
cbc128_f cbc;
ctr128_f ctr;
} stream;
} EVP_AES_KEY;

[Client Side]
EVP_AES_KEY *cipher_data;
cipher_data = EVP_CIPHER_CTX_get_cipher_data(ssl->enc_read_ctx);
cipher_data->ks.ks.rd_key --> this is the decrypt key


I used this key to decrypt the incoming message with the AES decrypt function but in vain.



Now AES is symmetric encryption so I thought let me check the encrypt(write) key on the server side. The encrypt key on server should be equal to decrypt key on client side. I got the encrypt key on server like following:



[Server Side]
EVP_AES_KEY *cipher_data;
cipher_data = EVP_CIPHER_CTX_get_cipher_data(ssl->enc_write_ctx);
cipher_data->ks.ks.rd_key --> this is the encrypt key


To my surprise they are different. Now if I use the above encrypt key of server to decrypt the message on the client side. The message is decrypted successfully.(as expected, the key used for encrypting the message is used to decrypt the message in AES standard).



So I reach the following inferences:




  1. The decrypt key which is acquired on the client side is encrypted in some way in openssl?

  2. My method for getting the decrypt key on client side is wrong.


How can I get the decrypt key on the client side which I can use in the AES decryption routine?










share|improve this question




















  • 2





    OpenSSL's AES_KEY is not the key; it is the key schedule with a tweak. For encryption, the first 1, 1.5 or 2 round keys are the 'user' key, but for decryption using the equivalent-inverse form (5.3.5 in FIPS197) the round keys are premultiplied (in GF/11B) by the InvMixColumns matrix, plus OpenSSL reverses the order so Rn is at subscripts 0..3 and R0 is at subscripts 4n..4n+3; see crypto/aes/aes_core.c in the source. It should work to take Rn and possibly Rn-1 (depending on key size) and re-multiply them by forward MixColumns, but I haven't tried it.

    – dave_thompson_085
    Nov 14 '18 at 13:56













  • What is an dummy SSL client/server? Does it actually implement the SSL/TLS protocol or not. If not it is just a custom encrypted connection, most likely insecure and vulnerable to dozens of attacks. Just use TLS1.2/1.3 instead and everything will be fine.

    – Robert
    Nov 14 '18 at 19:31


















2















I have implemented AES 128 encrypt and decrypt functions and tested it with sample data and it checks out perfectly. I used the following reference:
https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.197.pdf



Next I implemented a dummy SSL client and SSL server which uses openssl to send and receive data. It is working without any error and the messages are exchanged seamlessly.



My main goal here is to use openssl for initial handshake sequence. Once the connection is established between server and client, decrypt the incoming message (this time not using the openssl api but rather by using the decrypt AES function implemented earlier) and print and similarly for outgoing message. We will focus on incoming messages.



For this of course I will need the decrypt key and IV. I got the decrypt key(read key) on client side like following: (ssl is the SSL* structure of openssl for the established connection, I am accessing the source code structures of openssl directly)



//following struct copied from crypto/evp/e_aes.c
typedef struct {
union {
double align;
AES_KEY ks;
} ks;
block128_f block;
union {
cbc128_f cbc;
ctr128_f ctr;
} stream;
} EVP_AES_KEY;

[Client Side]
EVP_AES_KEY *cipher_data;
cipher_data = EVP_CIPHER_CTX_get_cipher_data(ssl->enc_read_ctx);
cipher_data->ks.ks.rd_key --> this is the decrypt key


I used this key to decrypt the incoming message with the AES decrypt function but in vain.



Now AES is symmetric encryption so I thought let me check the encrypt(write) key on the server side. The encrypt key on server should be equal to decrypt key on client side. I got the encrypt key on server like following:



[Server Side]
EVP_AES_KEY *cipher_data;
cipher_data = EVP_CIPHER_CTX_get_cipher_data(ssl->enc_write_ctx);
cipher_data->ks.ks.rd_key --> this is the encrypt key


To my surprise they are different. Now if I use the above encrypt key of server to decrypt the message on the client side. The message is decrypted successfully.(as expected, the key used for encrypting the message is used to decrypt the message in AES standard).



So I reach the following inferences:




  1. The decrypt key which is acquired on the client side is encrypted in some way in openssl?

  2. My method for getting the decrypt key on client side is wrong.


How can I get the decrypt key on the client side which I can use in the AES decryption routine?










share|improve this question




















  • 2





    OpenSSL's AES_KEY is not the key; it is the key schedule with a tweak. For encryption, the first 1, 1.5 or 2 round keys are the 'user' key, but for decryption using the equivalent-inverse form (5.3.5 in FIPS197) the round keys are premultiplied (in GF/11B) by the InvMixColumns matrix, plus OpenSSL reverses the order so Rn is at subscripts 0..3 and R0 is at subscripts 4n..4n+3; see crypto/aes/aes_core.c in the source. It should work to take Rn and possibly Rn-1 (depending on key size) and re-multiply them by forward MixColumns, but I haven't tried it.

    – dave_thompson_085
    Nov 14 '18 at 13:56













  • What is an dummy SSL client/server? Does it actually implement the SSL/TLS protocol or not. If not it is just a custom encrypted connection, most likely insecure and vulnerable to dozens of attacks. Just use TLS1.2/1.3 instead and everything will be fine.

    – Robert
    Nov 14 '18 at 19:31
















2












2








2








I have implemented AES 128 encrypt and decrypt functions and tested it with sample data and it checks out perfectly. I used the following reference:
https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.197.pdf



Next I implemented a dummy SSL client and SSL server which uses openssl to send and receive data. It is working without any error and the messages are exchanged seamlessly.



My main goal here is to use openssl for initial handshake sequence. Once the connection is established between server and client, decrypt the incoming message (this time not using the openssl api but rather by using the decrypt AES function implemented earlier) and print and similarly for outgoing message. We will focus on incoming messages.



For this of course I will need the decrypt key and IV. I got the decrypt key(read key) on client side like following: (ssl is the SSL* structure of openssl for the established connection, I am accessing the source code structures of openssl directly)



//following struct copied from crypto/evp/e_aes.c
typedef struct {
union {
double align;
AES_KEY ks;
} ks;
block128_f block;
union {
cbc128_f cbc;
ctr128_f ctr;
} stream;
} EVP_AES_KEY;

[Client Side]
EVP_AES_KEY *cipher_data;
cipher_data = EVP_CIPHER_CTX_get_cipher_data(ssl->enc_read_ctx);
cipher_data->ks.ks.rd_key --> this is the decrypt key


I used this key to decrypt the incoming message with the AES decrypt function but in vain.



Now AES is symmetric encryption so I thought let me check the encrypt(write) key on the server side. The encrypt key on server should be equal to decrypt key on client side. I got the encrypt key on server like following:



[Server Side]
EVP_AES_KEY *cipher_data;
cipher_data = EVP_CIPHER_CTX_get_cipher_data(ssl->enc_write_ctx);
cipher_data->ks.ks.rd_key --> this is the encrypt key


To my surprise they are different. Now if I use the above encrypt key of server to decrypt the message on the client side. The message is decrypted successfully.(as expected, the key used for encrypting the message is used to decrypt the message in AES standard).



So I reach the following inferences:




  1. The decrypt key which is acquired on the client side is encrypted in some way in openssl?

  2. My method for getting the decrypt key on client side is wrong.


How can I get the decrypt key on the client side which I can use in the AES decryption routine?










share|improve this question
















I have implemented AES 128 encrypt and decrypt functions and tested it with sample data and it checks out perfectly. I used the following reference:
https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.197.pdf



Next I implemented a dummy SSL client and SSL server which uses openssl to send and receive data. It is working without any error and the messages are exchanged seamlessly.



My main goal here is to use openssl for initial handshake sequence. Once the connection is established between server and client, decrypt the incoming message (this time not using the openssl api but rather by using the decrypt AES function implemented earlier) and print and similarly for outgoing message. We will focus on incoming messages.



For this of course I will need the decrypt key and IV. I got the decrypt key(read key) on client side like following: (ssl is the SSL* structure of openssl for the established connection, I am accessing the source code structures of openssl directly)



//following struct copied from crypto/evp/e_aes.c
typedef struct {
union {
double align;
AES_KEY ks;
} ks;
block128_f block;
union {
cbc128_f cbc;
ctr128_f ctr;
} stream;
} EVP_AES_KEY;

[Client Side]
EVP_AES_KEY *cipher_data;
cipher_data = EVP_CIPHER_CTX_get_cipher_data(ssl->enc_read_ctx);
cipher_data->ks.ks.rd_key --> this is the decrypt key


I used this key to decrypt the incoming message with the AES decrypt function but in vain.



Now AES is symmetric encryption so I thought let me check the encrypt(write) key on the server side. The encrypt key on server should be equal to decrypt key on client side. I got the encrypt key on server like following:



[Server Side]
EVP_AES_KEY *cipher_data;
cipher_data = EVP_CIPHER_CTX_get_cipher_data(ssl->enc_write_ctx);
cipher_data->ks.ks.rd_key --> this is the encrypt key


To my surprise they are different. Now if I use the above encrypt key of server to decrypt the message on the client side. The message is decrypted successfully.(as expected, the key used for encrypting the message is used to decrypt the message in AES standard).



So I reach the following inferences:




  1. The decrypt key which is acquired on the client side is encrypted in some way in openssl?

  2. My method for getting the decrypt key on client side is wrong.


How can I get the decrypt key on the client side which I can use in the AES decryption routine?







ssl openssl aes






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 14 '18 at 8:40







user10589957

















asked Nov 14 '18 at 8:26









user10589957user10589957

112




112








  • 2





    OpenSSL's AES_KEY is not the key; it is the key schedule with a tweak. For encryption, the first 1, 1.5 or 2 round keys are the 'user' key, but for decryption using the equivalent-inverse form (5.3.5 in FIPS197) the round keys are premultiplied (in GF/11B) by the InvMixColumns matrix, plus OpenSSL reverses the order so Rn is at subscripts 0..3 and R0 is at subscripts 4n..4n+3; see crypto/aes/aes_core.c in the source. It should work to take Rn and possibly Rn-1 (depending on key size) and re-multiply them by forward MixColumns, but I haven't tried it.

    – dave_thompson_085
    Nov 14 '18 at 13:56













  • What is an dummy SSL client/server? Does it actually implement the SSL/TLS protocol or not. If not it is just a custom encrypted connection, most likely insecure and vulnerable to dozens of attacks. Just use TLS1.2/1.3 instead and everything will be fine.

    – Robert
    Nov 14 '18 at 19:31
















  • 2





    OpenSSL's AES_KEY is not the key; it is the key schedule with a tweak. For encryption, the first 1, 1.5 or 2 round keys are the 'user' key, but for decryption using the equivalent-inverse form (5.3.5 in FIPS197) the round keys are premultiplied (in GF/11B) by the InvMixColumns matrix, plus OpenSSL reverses the order so Rn is at subscripts 0..3 and R0 is at subscripts 4n..4n+3; see crypto/aes/aes_core.c in the source. It should work to take Rn and possibly Rn-1 (depending on key size) and re-multiply them by forward MixColumns, but I haven't tried it.

    – dave_thompson_085
    Nov 14 '18 at 13:56













  • What is an dummy SSL client/server? Does it actually implement the SSL/TLS protocol or not. If not it is just a custom encrypted connection, most likely insecure and vulnerable to dozens of attacks. Just use TLS1.2/1.3 instead and everything will be fine.

    – Robert
    Nov 14 '18 at 19:31










2




2





OpenSSL's AES_KEY is not the key; it is the key schedule with a tweak. For encryption, the first 1, 1.5 or 2 round keys are the 'user' key, but for decryption using the equivalent-inverse form (5.3.5 in FIPS197) the round keys are premultiplied (in GF/11B) by the InvMixColumns matrix, plus OpenSSL reverses the order so Rn is at subscripts 0..3 and R0 is at subscripts 4n..4n+3; see crypto/aes/aes_core.c in the source. It should work to take Rn and possibly Rn-1 (depending on key size) and re-multiply them by forward MixColumns, but I haven't tried it.

– dave_thompson_085
Nov 14 '18 at 13:56







OpenSSL's AES_KEY is not the key; it is the key schedule with a tweak. For encryption, the first 1, 1.5 or 2 round keys are the 'user' key, but for decryption using the equivalent-inverse form (5.3.5 in FIPS197) the round keys are premultiplied (in GF/11B) by the InvMixColumns matrix, plus OpenSSL reverses the order so Rn is at subscripts 0..3 and R0 is at subscripts 4n..4n+3; see crypto/aes/aes_core.c in the source. It should work to take Rn and possibly Rn-1 (depending on key size) and re-multiply them by forward MixColumns, but I haven't tried it.

– dave_thompson_085
Nov 14 '18 at 13:56















What is an dummy SSL client/server? Does it actually implement the SSL/TLS protocol or not. If not it is just a custom encrypted connection, most likely insecure and vulnerable to dozens of attacks. Just use TLS1.2/1.3 instead and everything will be fine.

– Robert
Nov 14 '18 at 19:31







What is an dummy SSL client/server? Does it actually implement the SSL/TLS protocol or not. If not it is just a custom encrypted connection, most likely insecure and vulnerable to dozens of attacks. Just use TLS1.2/1.3 instead and everything will be fine.

– Robert
Nov 14 '18 at 19:31














0






active

oldest

votes











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53295824%2fextracting-decrypt-key-for-aes-from-openssl-on-client-side%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53295824%2fextracting-decrypt-key-for-aes-from-openssl-on-client-side%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Florida Star v. B. J. F.

Danny Elfman

Lugert, Oklahoma