Qt + OpenSSL & EVP_DecryptFinal_ex error bad decrypt

qDebug · wrote on 11 Mar 2018, 04:34

Hey guys!

I try to use OpenSSL to decode an AES 128 CBC string for some time. Since i'm running out of ideas i really could use some help here. After creating a test app i always run into some decrypt errors i can't figure out how to fix.

After hours looking for some (working and not outdated) code examples and trying to find my mistake, i appreciate any input / help here.

#define KEYSIZE 32
#define IVSIZE 32
#define BLOCKSIZE 128
#define PADDING RSA_PKCS1_PADDING
#define AES_BLOCK_SIZE 16

AES::AES(QWidget *parent) : QMainWindow(parent), ui(new Ui::AES)
{
    ui->setupUi(this);

    ERR_load_EVP_strings();
    ERR_load_CRYPTO_strings();
    OpenSSL_add_all_digests();
    OpenSSL_add_all_algorithms();
    OPENSSL_config(NULL);
}

AES::~AES()
{
    EVP_cleanup();
    ERR_free_strings();

    delete ui;
}

QByteArray AES::decryptAES(QString user_key, QString user_data)
{
    // QByteArray data_base64 = user_data.toLatin1();
    QByteArray data = QByteArray::fromBase64(user_data.toLatin1());
    QByteArray iv1 = data.left(16).toHex();
    QByteArray key1 = QByteArray(QCryptographicHash::hash(user_key.toLatin1(), QCryptographicHash::Md5).toHex());

    // qDebug() << "data_base64: " << data_base64 << "len: " << data_base64.length();
    qDebug() << "data: " << data << "len: " << data.length();
    qDebug() << "iv1: " << iv1 << "len: " << iv1.length();
    qDebug() << "key1: " << key1 << "len: " << key1.length();

    unsigned char key[KEYSIZE];
    unsigned char iv[IVSIZE];

    memcpy(key, key1.data(), key1.size());
    memcpy(iv, iv1.data(), iv1.size());

    EVP_CIPHER_CTX *de = EVP_CIPHER_CTX_new();
    EVP_CIPHER_CTX_init(de);

    if(!EVP_DecryptInit_ex(de, EVP_aes_128_cbc(), NULL, key, iv))
    {
        qCritical() << "EVP_DecryptInit_ex() failed" << ERR_error_string(ERR_get_error(), NULL);
        return QByteArray();
    }

    char *input = data.data();
    int len = data.size();

    int p_len = len, f_len = 0;
    unsigned char *plaintext = (unsigned char *)malloc(p_len + AES_BLOCK_SIZE);

    if(!EVP_DecryptUpdate(de, plaintext, &p_len, (unsigned char *)input, len))
    {
        qCritical() << "EVP_DecryptUpdate() failed " <<  ERR_error_string(ERR_get_error(), NULL);
        free(plaintext);
        return QByteArray();
    }

    if(!EVP_DecryptFinal_ex(de, plaintext + p_len, &f_len))
    {
        qCritical() << "EVP_DecryptFinal_ex() failed " <<  ERR_error_string(ERR_get_error(), NULL);
        free(plaintext);
        return QByteArray();
    }

    len = p_len + f_len;

    EVP_CIPHER_CTX_cleanup(de);

    QByteArray decrypted = QByteArray(reinterpret_cast<char*>(plaintext), len);
    free(plaintext);

    qDebug() << "decrypted: " << decrypted;

    return decrypted;
}

void AES::on_button_decrypt_clicked()
{
    QByteArray in_enc_line;
    in_enc_line.append(ui->line_encrypted->text());

    QByteArray in_key_line;
    in_key_line.append(ui->line_key->text());

    if(!in_enc_line.isEmpty() || !in_key_line.isEmpty())
    {
        ui->line_decrypted->setText(QString::fromLatin1(decryptAES(ui->line_key->text(), ui->line_encrypted->text())));
    }

}

void AES::on_line_key_textChanged(const QString &arg1)
{
    QString key_md5 = QString(QCryptographicHash::hash(arg1.toLatin1(), QCryptographicHash::Md5).toHex());
    ui->label_md5->setText(key_md5);
}

void AES::on_line_encrypted_textChanged(const QString &arg1)
{
    ui->label_base64->setText(QString::fromLatin1(QByteArray::fromBase64(arg1.toLatin1())));
    ui->label_iv->setText(QString::fromLatin1(arg1.toLatin1().left(16).toHex()));
}

Everything seems to work but i always end up with EVP_DecryptFinal_ex:bad decrypt. Where did i miss something?

Thanks!

qDebug · wrote on 13 Mar 2018, 00:39

Anyone? :(

I'm playing around with OpenSSL and EVP for some time now but it seems i still don't get it.

Even a small hind would be nice :)

qDebug · wrote on 14 Mar 2018, 20:53

I wonder if there is some one out there using OpenSSL EVP + Qt successfully? Most of the examples are outdated and not working. And if i ask, i always hear: try something else, it is better.

SGaist · wrote on 14 Mar 2018, 21:16

Hi,

Did you got the OpenSSL part working without Qt ?
What examples are you referring to ?

qDebug · wrote on 15 Mar 2018, 01:55

Hi SGaist!

I'm using

vh/0fb1R3awZqWeKpYDqlCafaRS7s49EIAPBmZXKgLo=

for testing. The encoded string ist "this is a test". My key is "test" (md5).

echo vh/0fb1R3awZqWeKpYDqlCafaRS7s49EIAPBmZXKgLo= | openssl.exe enc -d -a -A -aes-128-cbc -iv be1ff47dbd51ddac19a9678aa580ea94 -K 098f6bcd4621d373cade4e832627b4f6

This works, it gets decrypted as expected like:

YÈ])-EÖºà¯ÌSå+£gthis is a test

In my code i get a bad decrypt. I did google a lot about what may the problem. I did test and try other OpenSSL versions as well. The only think i did not try yet, is building OpenSSL myself but i'm not sure if this makes any difference.

Thanks!

SGaist · wrote on 15 Mar 2018, 07:17

There's no need to build your own version of OpenSSL,. My question was rather: did you got EVP API working without using Qt at all ?

qDebug · wrote on 15 Mar 2018, 11:21

Like in Visual Studio? No. Since i plan to use it in Qt i started here.

SGaist · wrote on 15 Mar 2018, 22:17

No, I mean, just using plain C with char arrays etc.

qDebug · wrote on 16 Mar 2018, 02:11

No, i did not.

SGaist · wrote on 16 Mar 2018, 07:05

Then you should start by doing that. Ensure that you get it working correctly with the raw API and then you can start integrating it your GUI application.

qDebug · 16 Mar 2018, 12:42

OK, so no one got it working in Qt yet.

Thanks.

jsulm · Q qDebug 16 Mar 2018, 11:02

@qDebug said in Qt + OpenSSL & EVP_DecryptFinal_ex error bad decrypt:

OK, so no one got it working in Qt yet.

How do you know?

qDebug · wrote on 16 Mar 2018, 21:14

This is my superpower, i can tell.

I'm right as long as some one proves me wrong ;-)