AD encryption (decryption) #192
Description
Seems that AD encryption section (it's decryption part) is wrong.
Trying to decrypt a simple E01 encrypted file (created with the help of AccessData FTK Imager 4.7.1.2) using password "test" (file attached):
#include <iostream>
#include <fstream>
#include <vector>
#include <cassert>
#include <openssl/evp.h>
#include <openssl/hmac.h>
std::vector<unsigned char> read_at_offset(const char* fn, unsigned offset, size_t size) {
std::vector<unsigned char> buffer;
std::ifstream file(fn, std::ios::binary);
if (!file.is_open()) {
std::cerr << "Failed to open file " << fn << std::endl;
return buffer;
}
file.seekg(offset, std::ios::beg);
// read the data
buffer.resize(size);
file.read((char*)buffer.data(), buffer.size());
assert(file.gcount() == buffer.size());
return buffer;
}
int main()
{
const char fp[] = "C:/temp/E01/small-enc-pass.E01";
char pass[] = "test";
auto iter_count = *(unsigned int*)read_at_offset(fp, 32, 4).data();
auto salt_len = *(unsigned int*)read_at_offset(fp, 36, 4).data();
auto key_len = *(unsigned int*)read_at_offset(fp, 40, 4).data();
auto hmac_len = *(unsigned int*)read_at_offset(fp, 44, 4).data();
auto salt = read_at_offset(fp, 48, salt_len);
auto fkey = read_at_offset(fp, 48 + salt_len, key_len);
auto hmac = read_at_offset(fp, 48 + salt_len + key_len, hmac_len);
auto pkey = std::vector<unsigned char>(key_len);
auto success = PKCS5_PBKDF2_HMAC(pass, sizeof(pass)-1, salt.data(), salt.size(), iter_count, EVP_sha512(), pkey.size(), pkey.data());
assert(success == 1);
assert(hmac_len == EVP_MAX_MD_SIZE);
unsigned char hmac_result[EVP_MAX_MD_SIZE];
HMAC(EVP_sha512(), pkey.data(), pkey.size(), fkey.data(), fkey.size(), hmac_result, &hmac_len);
assert(EVP_MAX_MD_SIZE == hmac.size());
for (auto i = 0; i < EVP_MAX_MD_SIZE; i++) {
printf("%02u\n", hmac[i]);
printf("%02u\n", hmac_result[i]);
assert(hmac[i] == hmac_result[i]);
}
printf("OK\n");
}