Qt + OpenSSL & EVP_DecryptFinal_ex error bad decrypt

qDebug

Hey guys!

I try to use OpenSSL to decode an AES 128 CBC string for some time. Since i'm running out of ideas i really could use some help here. After creating a test app i always run into some decrypt errors i can't figure out how to fix.

After hours looking for some (working and not outdated) code examples and trying to find my mistake, i appreciate any input / help here.

#define KEYSIZE 32
#define IVSIZE 32
#define BLOCKSIZE 128
#define PADDING RSA_PKCS1_PADDING
#define AES_BLOCK_SIZE 16

AES::AES(QWidget *parent) : QMainWindow(parent), ui(new Ui::AES)
{
    ui->setupUi(this);

    ERR_load_EVP_strings();
    ERR_load_CRYPTO_strings();
    OpenSSL_add_all_digests();
    OpenSSL_add_all_algorithms();
    OPENSSL_config(NULL);
}

AES::~AES()
{
    EVP_cleanup();
    ERR_free_strings();

    delete ui;
}

QByteArray AES::decryptAES(QString user_key, QString user_data)
{
    // QByteArray data_base64 = user_data.toLatin1();
    QByteArray data = QByteArray::fromBase64(user_data.toLatin1());
    QByteArray iv1 = data.left(16).toHex();
    QByteArray key1 = QByteArray(QCryptographicHash::hash(user_key.toLatin1(), QCryptographicHash::Md5).toHex());

    // qDebug() << "data_base64: " << data_base64 << "len: " << data_base64.length();
    qDebug() << "data: " << data << "len: " << data.length();
    qDebug() << "iv1: " << iv1 << "len: " << iv1.length();
    qDebug() << "key1: " << key1 << "len: " << key1.length();

    unsigned char key[KEYSIZE];
    unsigned char iv[IVSIZE];

    memcpy(key, key1.data(), key1.size());
    memcpy(iv, iv1.data(), iv1.size());

    EVP_CIPHER_CTX *de = EVP_CIPHER_CTX_new();
    EVP_CIPHER_CTX_init(de);

    if(!EVP_DecryptInit_ex(de, EVP_aes_128_cbc(), NULL, key, iv))
    {
        qCritical() << "EVP_DecryptInit_ex() failed" << ERR_error_string(ERR_get_error(), NULL);
        return QByteArray();
    }

    char *input = data.data();
    int len = data.size();

    int p_len = len, f_len = 0;
    unsigned char *plaintext = (unsigned char *)malloc(p_len + AES_BLOCK_SIZE);

    if(!EVP_DecryptUpdate(de, plaintext, &p_len, (unsigned char *)input, len))
    {
        qCritical() << "EVP_DecryptUpdate() failed " <<  ERR_error_string(ERR_get_error(), NULL);
        free(plaintext);
        return QByteArray();
    }

    if(!EVP_DecryptFinal_ex(de, plaintext + p_len, &f_len))
    {
        qCritical() << "EVP_DecryptFinal_ex() failed " <<  ERR_error_string(ERR_get_error(), NULL);
        free(plaintext);
        return QByteArray();
    }

    len = p_len + f_len;

    EVP_CIPHER_CTX_cleanup(de);

    QByteArray decrypted = QByteArray(reinterpret_cast<char*>(plaintext), len);
    free(plaintext);

    qDebug() << "decrypted: " << decrypted;

    return decrypted;
}

void AES::on_button_decrypt_clicked()
{
    QByteArray in_enc_line;
    in_enc_line.append(ui->line_encrypted->text());

    QByteArray in_key_line;
    in_key_line.append(ui->line_key->text());

    if(!in_enc_line.isEmpty() || !in_key_line.isEmpty())
    {
        ui->line_decrypted->setText(QString::fromLatin1(decryptAES(ui->line_key->text(), ui->line_encrypted->text())));
    }

}

void AES::on_line_key_textChanged(const QString &arg1)
{
    QString key_md5 = QString(QCryptographicHash::hash(arg1.toLatin1(), QCryptographicHash::Md5).toHex());
    ui->label_md5->setText(key_md5);
}

void AES::on_line_encrypted_textChanged(const QString &arg1)
{
    ui->label_base64->setText(QString::fromLatin1(QByteArray::fromBase64(arg1.toLatin1())));
    ui->label_iv->setText(QString::fromLatin1(arg1.toLatin1().left(16).toHex()));
}

Everything seems to work but i always end up with EVP_DecryptFinal_ex:bad decrypt. Where did i miss something?

Thanks!

qDebug

Anyone? :(

I'm playing around with OpenSSL and EVP for some time now but it seems i still don't get it.

Even a small hind would be nice :)

qDebug

I wonder if there is some one out there using OpenSSL EVP + Qt successfully? Most of the examples are outdated and not working. And if i ask, i always hear: try something else, it is better.

SGaist

Hi,

Did you got the OpenSSL part working without Qt ?
What examples are you referring to ?

qDebug

Hi SGaist!

I'm using

vh/0fb1R3awZqWeKpYDqlCafaRS7s49EIAPBmZXKgLo=

for testing. The encoded string ist "this is a test". My key is "test" (md5).

echo vh/0fb1R3awZqWeKpYDqlCafaRS7s49EIAPBmZXKgLo= | openssl.exe enc -d -a -A -aes-128-cbc -iv be1ff47dbd51ddac19a9678aa580ea94 -K 098f6bcd4621d373cade4e832627b4f6

This works, it gets decrypted as expected like:

YÈ])-EÖºà¯ÌSå+£gthis is a test

In my code i get a bad decrypt. I did google a lot about what may the problem. I did test and try other OpenSSL versions as well. The only think i did not try yet, is building OpenSSL myself but i'm not sure if this makes any difference.

Thanks!

SGaist

There's no need to build your own version of OpenSSL,. My question was rather: did you got EVP API working without using Qt at all ?

qDebug

Like in Visual Studio? No. Since i plan to use it in Qt i started here.

SGaist

No, I mean, just using plain C with char arrays etc.

qDebug

No, i did not.

SGaist

Then you should start by doing that. Ensure that you get it working correctly with the raw API and then you can start integrating it your GUI application.

qDebug

OK, so no one got it working in Qt yet.

Thanks.

jsulm

@qDebug said in Qt + OpenSSL & EVP_DecryptFinal_ex error bad decrypt:

OK, so no one got it working in Qt yet.

How do you know?

qDebug

This is my superpower, i can tell.

I'm right as long as some one proves me wrong ;-)