<div dir="ltr"><p style="margin:0px 0px 1em;padding:0px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px;vertical-align:baseline;box-sizing:inherit;clear:both;color:rgb(36,39,41)">I have implemented AES 128 encrypt and decrypt functions and tested it with sample data and it checks out perfectly. I used the following reference:<a href="https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.197.pdf" rel="nofollow noreferrer" target="_blank" style="color:rgb(0,89,153);margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit;font-family:inherit;vertical-align:baseline;box-sizing:inherit">https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.197.pdf</a></p><p style="margin:0px 0px 1em;padding:0px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px;vertical-align:baseline;box-sizing:inherit;clear:both;color:rgb(36,39,41)">Next I implemented a dummy SSL client and SSL server which uses openssl to send and receive data. It is working without any error and the messages are exchanged seamlessly.</p><p style="margin:0px 0px 1em;padding:0px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px;vertical-align:baseline;box-sizing:inherit;clear:both;color:rgb(36,39,41)">My main goal here is to use openssl for initial handshake sequence. Once the connection is established between server and client, decrypt the incoming message (this time not using the openssl api but rather by using the decrypt AES function implemented earlier) and print and similarly for outgoing message. We will focus on incoming messages.</p><p style="margin:0px 0px 1em;padding:0px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px;vertical-align:baseline;box-sizing:inherit;clear:both;color:rgb(36,39,41)">For this of course I will need the decrypt key and IV. I got the decrypt key(read key) on client side like following: (ssl is the SSL* structure of openssl for the established connection, I am accessing the source code structures of openssl directly)</p><pre style="white-space:pre-wrap;font-size:13px;margin-top:0px;margin-bottom:1em;padding:5px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Consolas,Menlo,Monaco,"Lucida Console","Liberation Mono","DejaVu Sans Mono","Bitstream Vera Sans Mono","Courier New",monospace,sans-serif;vertical-align:baseline;box-sizing:inherit;width:auto;max-height:600px;overflow:auto;background-color:rgb(239,240,241);color:rgb(36,39,41)"><code style="margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit;font-family:Consolas,Menlo,Monaco,"Lucida Console","Liberation Mono","DejaVu Sans Mono","Bitstream Vera Sans Mono","Courier New",monospace,sans-serif;vertical-align:baseline;box-sizing:inherit;white-space:inherit">//following struct copied from crypto/evp/e_aes.c
typedef struct {
    union {
        double align;
        AES_KEY ks;
    } ks;
    block128_f block;
    union {
        cbc128_f cbc;
        ctr128_f ctr;
    } stream;
} EVP_AES_KEY;

[Client Side]
EVP_AES_KEY *cipher_data;
cipher_data = EVP_CIPHER_CTX_get_cipher_data(ssl->enc_read_ctx);
cipher_data->ks.ks.rd_key  --> this is the decrypt key
</code></pre><p style="margin:0px 0px 1em;padding:0px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px;vertical-align:baseline;box-sizing:inherit;clear:both;color:rgb(36,39,41)">I used this key to decrypt the incoming message with the AES decrypt function but in vain.</p><p style="margin:0px 0px 1em;padding:0px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px;vertical-align:baseline;box-sizing:inherit;clear:both;color:rgb(36,39,41)">Now AES is symmetric encryption so I thought let me check the encrypt(write) key on the server side. The encrypt key on server should be equal to decrypt key on client side. I got the encrypt key on server like following:</p><pre style="white-space:pre-wrap;font-size:13px;margin-top:0px;margin-bottom:1em;padding:5px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Consolas,Menlo,Monaco,"Lucida Console","Liberation Mono","DejaVu Sans Mono","Bitstream Vera Sans Mono","Courier New",monospace,sans-serif;vertical-align:baseline;box-sizing:inherit;width:auto;max-height:600px;overflow:auto;background-color:rgb(239,240,241);color:rgb(36,39,41)"><code style="margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit;font-family:Consolas,Menlo,Monaco,"Lucida Console","Liberation Mono","DejaVu Sans Mono","Bitstream Vera Sans Mono","Courier New",monospace,sans-serif;vertical-align:baseline;box-sizing:inherit;white-space:inherit">[Server Side]
EVP_AES_KEY *cipher_data;
cipher_data = EVP_CIPHER_CTX_get_cipher_data(ssl->enc_write_ctx);
cipher_data->ks.ks.rd_key  --> this is the encrypt key
</code></pre><p style="margin:0px 0px 1em;padding:0px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px;vertical-align:baseline;box-sizing:inherit;clear:both;color:rgb(36,39,41)">To my surprise they are different. Now if I use the above encrypt key of server to decrypt the message on the client side. The message is decrypted successfully.(as expected, the key used for encrypting the message is used to decrypt the message in AES standard).</p><p style="margin:0px 0px 1em;padding:0px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px;vertical-align:baseline;box-sizing:inherit;clear:both;color:rgb(36,39,41)">So I reach the following inferences:</p><ol style="margin:0px 0px 1em 30px;padding:0px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px;vertical-align:baseline;list-style-position:initial;box-sizing:inherit;color:rgb(36,39,41)"><li style="margin:0px 0px 0.5em;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit;font-family:inherit;vertical-align:baseline;box-sizing:inherit">The decrypt key which is acquired on the client side is encrypted in some way in openssl?</li><li style="margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit;font-family:inherit;vertical-align:baseline;box-sizing:inherit">My method for getting the decrypt key on client side is wrong.</li></ol><p style="margin:0px 0px 1em;padding:0px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px;vertical-align:baseline;box-sizing:inherit;clear:both;color:rgb(36,39,41)">How can I get the decrypt key on the client side which I can use in the AES decryption routine?</p><div><br></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><font color="#444444">Best Regards,</font><div><font color="#444444">Hemant Ranvir</font><br><br><font size="2"><font face="arial, helvetica, sans-serif" color="#444444"><i>"<span style="line-height:21px">To live a creative life, we must lose our fear of being wrong.</span></i></font><span style="color:rgb(136,136,136);line-height:21px"><font face="arial, helvetica, sans-serif"><i><font color="#444444">" - J.C.Pearce</font></i></font></span></font><br></div></div></div></div></div></div></div>