[AG-DEV] Vic and Rat Encryption

Sat Jul 23 09:57:35 CDT 2005

Hi Andrew,

This looks to be a signed/unsigned bug in the way rat calls the DES  
code, rather than a bug in the DES code itself. I've committed the  
following to the CVS version of RAT:

Index: rtp.c
===================================================================
RCS file: /cs/research/nets/common0/starship/src/local/CVS_repository/ 
common/src/rtp.c,v
retrieving revision 1.141
diff -r1.141 rtp.c
268c268
<                       char            *encryption_key;
---
 >                       unsigned char  *encryption_key;
3106c3106
<       char *key;
---
 >       unsigned char *key;
3108c3108,3111
<
---
 >       unsigned char   *testdata;
 >       FILE    *testfile;
 >       uint8_t          initVec[8] = {0,0,0,0,0,0,0,0};
 >
3119c3122
<         key = session->crypto_state.des.encryption_key = (char *)  
xmalloc(8);
---
 >         key = session->crypto_state.des.encryption_key = (unsigned  
char *) xmalloc(8);
3140a3144,3160
 >
 > #ifdef DEBUG
 >       debug_msg("DES encryption key: ");
 >       for (i = 0; i < 8; i++) {
 >               printf("%02x ", key[i]);
 >       }
 >       printf("\n");
 >       testdata = (unsigned char *) xmalloc(64);
 >       for (i = 0; i < 64; i++) {
 >           testdata[i] = i;
 >       }
 >       des_encrypt(session, testdata, 64, initVec);
 >       testfile = fopen("testfile", "w");
 >       fwrite(testdata, 64, 1, testfile);
 >       fclose(testfile);
 >       debug_msg("Wrote testfile\n");
 > #endif

This seems to fix the problem. I get a key of "23 0d cd d0 d6 fb 7c  
b3", and the testfile contains the same results as openssl using that  
key.

Cheers,
Colin

On 11 Jul 2005, at 17:05, Andrew Rowley wrote:
> The version I was trying was the source downloaded from the UCL  
> website.  It claims to be version 4.2.23 and is using the UCL  
> common library qfDES.
>
> The openssl command is:
> openssl des-cbc -K 230DCDF1D6FB7CB3 -iv 0000000000000000 -in indata  
> -out
> outdata
>
> The password is "testkey" which gets turned into the key above by  
> RAT.  I
> have attached the indata file.
>
> For rat, I put the following lines at the end of des_initialize in  
> rtp.c in
> the common directory:
>
> testdata = (char *) xmalloc(64);
> for (i = 0; i < 64; i++) {
>     testdata[i] = i;
> }
> des_encrypt(session, testdata, 64, initVec);
> testfile = fopen("testfile", "w");
> fwrite(testdata, 64, 1, testfile);
> fclose(testfile);
>
> Hope this helps,
>
> Andrew :)
>
> ============================================
> Access Grid Support Centre,
> RSS Group,
> Manchester Computing,
> Kilburn Building,
> University of Manchester,
> Oxford Road,
> Manchester,
> M13 9PL,
> UK
> Tel: +44(0)161-275 0685
> Email: Andrew.Rowley at manchester.ac.uk
>
>
>> -----Original Message-----
>> From: Colin Perkins [mailto:csp at csperkins.org]
>> Sent: 11 July 2005 16:49
>> To: Andrew Rowley
>> Cc: 'Rhys Hawkins'; ag-dev at mcs.anl.gov
>> Subject: Re: [AG-DEV] Vic and Rat Encryption
>>
>> On 11 Jul 2005, at 16:14, Andrew Rowley wrote:
>>
>>> I was using vic and rat from the command line and forcing DES
>>> encryption.
>>> It turns out that I needed to generate the key differently and just
>>> use
>>> DES/CBC/NoPadding to do this.
>>>
>>> Doing some further experiments, unless I am doing this wrong, it
>>> would seem
>>> that the DES encryption in vic and rat is broken.  I downloaded the
>>> source
>>> code and then modified it as follows:
>>>
>>> When rat initialises the des encryption, I output the 8-byte key to
>>> a file.
>>> I then generate an array of bytes consisting of the numbers 0-63 in
>>> order.
>>> I then encrypt this and output this to a file.
>>>
>>> I then take the same key and the initialisation vector of 0s and
>>> run openssl
>>> in des-cbc mode with the same key and iv on the same input.  This
>>> gives a
>>> completely different output to that given by rat.  The openssl
>>> output is the
>>> same output as is given by the Java encryption using DES/CBC/
>>> NoPadding.
>>>
>>
>> Which version of rat is this - did you test with the version from the
>> UCL CVS?
>>
>> Can you send your test routines to illustrate the problem? I'm not
>> aware of any problems with the DES code in rat, although there were
>> issues with the AES code that I fixed relatively recently.
>>
>> Colin
>>
>
>
> <indata>
>