shell script for decryption in codeigniter-v3.1.11

gistfile1.txt

#!/bin/sh
#
# Copyright (c) 2020 V.Krishn
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the Simplified BSD License (also
# known as the "2-Clause License" or "FreeBSD License".)
#
# This program is distributed in the hope that it will be useful,
# but without any warranty; without even the implied warranty of
# merchantability or fitness for a particular purpose.
#
# Author contact information:
#   vkrishn@insteps.net
#   http://www.insteps.net
#
# ******************************************************************
#
# Code to decrypt encrypted ciphertext from codeigniter's encryption.
#   Use at your own risk.
#
#

fpath=$(readlink -f $0)
PWD=$(pwd)

# length = 64
# move it to separate file if its in production server
KEY='e4c634ec33ca2ddf19ea2657b74f4ee234bdf0cc438e94ae6bb6effd0e6425e0'

HexToBin() {
  echo $1 | xxd -r -ps
  # echo $1 | xxd -r -p
}
BinToHex() {
  echo $1 | xxd -ps -c 200
  # echo $1 | xxd -p -c 200
}
BinToBase64() {
  echo $1 | base64 -w 200
}
Base64ToBin() {
  echo $1 | base64 -d
}

# -------------------------------------------------------------------
# HKDF
#
# @link	https://tools.ietf.org/rfc/rfc5869.txt
# # TODO
# -------------------------------------------------------------------
HMAC_Enc() {
  LENGTH=$(HexToBin $KEY | wc -c) 
  openssl pkeyutl -kdf HKDF -kdflen $LENGTH \
    -pkeyopt md:SHA512 \
    -pkeyopt hexkey:$KEY \
    -pkeyopt salt:'' \
    -pkeyopt info:'encryption' | xxd -ps -c 200
}
# hmac_key
# OPTS: md, salt, key, info
# KEY = original key (hex format) # length = 64
# OUTPUT = hmac2 (used in HMAC_Digest)
HMAC_Auth() {
  LENGTH=64
  openssl pkeyutl -kdf HKDF -kdflen $LENGTH \
    -pkeyopt md:SHA512 \
    -pkeyopt hexkey:$KEY \
    -pkeyopt salt:'' \
    -pkeyopt info:'authentication' | xxd -ps -c 200
}

HMAC_Digest() {
  data="$1" # data in BASE64 format
  # hmac2="$2" # key in hex format
  local hmac2=$(HMAC_Auth) # key in hex format
  echo -n $data | openssl dgst -sha512 -hex -mac HMAC -macopt hexkey:"$hmac2"
}
# -------------------------------------------------------------------

# INPUT BASE64 format, # OUTPUT BASE64 format
_getData() {
  local data="$1"
  local DLENGTH=$(echo -n $data | wc -c)
  local LENGTH='129'
  if [ "$DLENGTH" -lt "$LENGTH" ]; then
    echo $data; return
  fi
  echo $(echo -n $data | cut -b ${LENGTH}-)
}

# INPUT BASE64 format, # OUTPUT binary
GetData() {
  local data="$1"; local DATA=$(_getData "$data")
  echo -n "$DATA" | base64 -d --ignore-garbage | xxd -p -s16 | xxd -r -ps 
}

# INPUT BASE64 format, # OUTPUT hexkey
GetIv() {
  local data="$1"; local DATA=$(_getData "$data")
  echo -n "$DATA" | base64 -d --ignore-garbage \
                | cut -z -b-16 | xxd -ps \
                | cut -z -b-32 | tr -d '\0' # works
}

# INPUT BASE64 format, # OUTPUT text
DECODE() {
  local DATA=$1
  # local DATA=$(< './cip.txt')
  HMACKEY=$(HMAC_Enc)
  IV=$(GetIv $DATA)
  # GetData $DATA > cip2
  GetData $DATA | openssl enc -d -aes-256-ctr -nosalt -nopad -K "${HMACKEY}" -iv "${IV}"
  # cat 'cip2' | openssl enc -d -aes-256-ctr -nosalt -nopad -K "${HMACKEY}" -iv "${IV}"
}

_DO_TEST() {
	# ---------------------------------------------------------
	plain_text='This is a plain-text message!'
	# ---------------------------------------------------------
	echo '-------------------------------------------------------------'
	echo 'plain_text:       This is a plain-text message!'
	echo 'KEY:     hex      e4c634ec33ca2ddf19ea2657b74f4ee234bdf0cc438e94ae6bb6effd0e6425e0'
	echo 'HMACKEY: hex      9ae1114a640416327dca7550a41fdaab96e1710190ce378cc3bd41aedf3462af'
	echo '$iv:     bin2hex  7e809c42eef914127c219ba264f3f4b3' '(str fixed for TEST)'
	echo '$iv:     base64   foCcQu75FBJ8IZuiZPP0sw=='
	echo '$data:   bin2hex  36dc07b8c946e337ddd56c9233801cc5b1a9719fe0d6dbb8fa0e7b35db'
	echo '$data:   base64   NtwHuMlG4zfd1WySM4AcxbGpcZ/g1tu4+g57Nds='
	echo '-------------------------------------------------------------'
	# hmac2='4df73cfce3dc9ccc239bc94858f7c7cc218bc4704b234c5af3bd7ea3d965e33f40c4e48b61fc0ca633cc891d86dc7488d4077ee0c801adde62c23ccca23f280a'
	# hmac3='f1ef53a04514bd269197a31593244626d03db71f0733a2c402c0f74b81c34233c420a6264efc939553e076fbaccfd83feac17d5a210cad8ca781f4866d39af31'
	# ---------------------------------------------------------
	data='foCcQu75FBJ8IZuiZPP0szbcB7jJRuM33dVskjOAHMWxqXGf4NbbuPoOezXb'  # == base64(binary (iv+data))
	fullDATA='f1ef53a04514bd269197a31593244626d03db71f0733a2c402c0f74b81c34233c420a6264efc939553e076fbaccfd83feac17d5a210cad8ca781f4866d39af31foCcQu75FBJ8IZuiZPP0szbcB7jJRuM33dVskjOAHMWxqXGf4NbbuPoOezXb' # HMAC_Digest+iv+data
	# ---------------------------------------------------------

	# ---------------------------------------------------------
	# ---------------------------------------------------------
	echo '$data: '$data
	# ------------------- works
	echo '>>> HMAC_Enc::'$(HMAC_Enc)
	echo '>>> HMAC_Auth::'$(HMAC_Auth)
	data=$(_getData "$fullDATA")
	echo '>>> HMAC_Digest::'$(HMAC_Digest "$data")
	echo '>>> GetIv::'$(GetIv "$fullDATA")
	echo '>>> DECODE::'$(DECODE "$fullDATA")
	# -------------------
	# ---------------------------------------------------------
	# ---------------------------------------------------------
}

#!/bin/sh

HOWTO DECODE

source ./lib.sh
_TEMPF='cip.txt' # file containing ciphertext
ct=$(cat "$_TEMPF");
if [ $(echo $ct | wc -c) -lt 128 ]; then exit; fi
DECODE $ct

Current params that works well are:

	$params = array(
		'driver' => 'openssl',
		'cipher' => 'aes-256',
		'mode' => 'ctr',
		'key' => $key,
		'hmac' => TRUE,
		'hmac_digest' => 'sha512',
		'base64' => 1,
	);