[AG-DEV] Vic and Rat Encryption
Andrew Rowley
Andrew.Rowley at manchester.ac.uk
Mon Jul 25 06:41:05 CDT 2005
Hi,
This appears to fix the bug - The Java version and the lib-common version
can now speak to each other correctly. There was also a signed/unsigned bug
in the Java code interestingly enough, but obviously the bug showed up in
different ways...
Andrew :)
============================================
Access Grid Support Centre,
RSS Group,
Manchester Computing,
Kilburn Building,
University of Manchester,
Oxford Road,
Manchester,
M13 9PL,
UK
Tel: +44(0)161-275 0685
Email: Andrew.Rowley at manchester.ac.uk
> -----Original Message-----
> From: owner-ag-dev at mcs.anl.gov [mailto:owner-ag-dev at mcs.anl.gov] On Behalf
> Of Colin Perkins
> Sent: 23 July 2005 15:58
> To: Andrew Rowley
> Cc: ag-dev at mcs.anl.gov
> Subject: Re: [AG-DEV] Vic and Rat Encryption
>
> Hi Andrew,
>
> This looks to be a signed/unsigned bug in the way rat calls the DES
> code, rather than a bug in the DES code itself. I've committed the
> following to the CVS version of RAT:
>
> Index: rtp.c
> ===================================================================
> RCS file: /cs/research/nets/common0/starship/src/local/CVS_repository/
> common/src/rtp.c,v
> retrieving revision 1.141
> diff -r1.141 rtp.c
> 268c268
> < char *encryption_key;
> ---
> > unsigned char *encryption_key;
> 3106c3106
> < char *key;
> ---
> > unsigned char *key;
> 3108c3108,3111
> <
> ---
> > unsigned char *testdata;
> > FILE *testfile;
> > uint8_t initVec[8] = {0,0,0,0,0,0,0,0};
> >
> 3119c3122
> < key = session->crypto_state.des.encryption_key = (char *)
> xmalloc(8);
> ---
> > key = session->crypto_state.des.encryption_key = (unsigned
> char *) xmalloc(8);
> 3140a3144,3160
> >
> > #ifdef DEBUG
> > debug_msg("DES encryption key: ");
> > for (i = 0; i < 8; i++) {
> > printf("%02x ", key[i]);
> > }
> > printf("\n");
> > testdata = (unsigned char *) xmalloc(64);
> > for (i = 0; i < 64; i++) {
> > testdata[i] = i;
> > }
> > des_encrypt(session, testdata, 64, initVec);
> > testfile = fopen("testfile", "w");
> > fwrite(testdata, 64, 1, testfile);
> > fclose(testfile);
> > debug_msg("Wrote testfile\n");
> > #endif
>
> This seems to fix the problem. I get a key of "23 0d cd d0 d6 fb 7c
> b3", and the testfile contains the same results as openssl using that
> key.
>
> Cheers,
> Colin
>
>
>
> On 11 Jul 2005, at 17:05, Andrew Rowley wrote:
> > The version I was trying was the source downloaded from the UCL
> > website. It claims to be version 4.2.23 and is using the UCL
> > common library qfDES.
> >
> > The openssl command is:
> > openssl des-cbc -K 230DCDF1D6FB7CB3 -iv 0000000000000000 -in indata
> > -out
> > outdata
> >
> > The password is "testkey" which gets turned into the key above by
> > RAT. I
> > have attached the indata file.
> >
> > For rat, I put the following lines at the end of des_initialize in
> > rtp.c in
> > the common directory:
> >
> > testdata = (char *) xmalloc(64);
> > for (i = 0; i < 64; i++) {
> > testdata[i] = i;
> > }
> > des_encrypt(session, testdata, 64, initVec);
> > testfile = fopen("testfile", "w");
> > fwrite(testdata, 64, 1, testfile);
> > fclose(testfile);
> >
> > Hope this helps,
> >
> > Andrew :)
> >
> > ============================================
> > Access Grid Support Centre,
> > RSS Group,
> > Manchester Computing,
> > Kilburn Building,
> > University of Manchester,
> > Oxford Road,
> > Manchester,
> > M13 9PL,
> > UK
> > Tel: +44(0)161-275 0685
> > Email: Andrew.Rowley at manchester.ac.uk
> >
> >
> >> -----Original Message-----
> >> From: Colin Perkins [mailto:csp at csperkins.org]
> >> Sent: 11 July 2005 16:49
> >> To: Andrew Rowley
> >> Cc: 'Rhys Hawkins'; ag-dev at mcs.anl.gov
> >> Subject: Re: [AG-DEV] Vic and Rat Encryption
> >>
> >> On 11 Jul 2005, at 16:14, Andrew Rowley wrote:
> >>
> >>> I was using vic and rat from the command line and forcing DES
> >>> encryption.
> >>> It turns out that I needed to generate the key differently and just
> >>> use
> >>> DES/CBC/NoPadding to do this.
> >>>
> >>> Doing some further experiments, unless I am doing this wrong, it
> >>> would seem
> >>> that the DES encryption in vic and rat is broken. I downloaded the
> >>> source
> >>> code and then modified it as follows:
> >>>
> >>> When rat initialises the des encryption, I output the 8-byte key to
> >>> a file.
> >>> I then generate an array of bytes consisting of the numbers 0-63 in
> >>> order.
> >>> I then encrypt this and output this to a file.
> >>>
> >>> I then take the same key and the initialisation vector of 0s and
> >>> run openssl
> >>> in des-cbc mode with the same key and iv on the same input. This
> >>> gives a
> >>> completely different output to that given by rat. The openssl
> >>> output is the
> >>> same output as is given by the Java encryption using DES/CBC/
> >>> NoPadding.
> >>>
> >>
> >> Which version of rat is this - did you test with the version from the
> >> UCL CVS?
> >>
> >> Can you send your test routines to illustrate the problem? I'm not
> >> aware of any problems with the DES code in rat, although there were
> >> issues with the AES code that I fixed relatively recently.
> >>
> >> Colin
> >>
> >
> >
> > <indata>
> >
>
More information about the ag-dev
mailing list