[AG-DEV] Vic and Rat Encryption

Mon Jul 25 06:41:05 CDT 2005

Hi,

This appears to fix the bug - The Java version and the lib-common version
can now speak to each other correctly.  There was also a signed/unsigned bug
in the Java code interestingly enough, but obviously the bug showed up in
different ways...

Andrew :)

============================================
Access Grid Support Centre,
RSS Group,
Manchester Computing,
Kilburn Building,
University of Manchester,
Oxford Road,
Manchester, 
M13 9PL, 
UK
Tel: +44(0)161-275 0685
Email: Andrew.Rowley at manchester.ac.uk 

> -----Original Message-----
> From: owner-ag-dev at mcs.anl.gov [mailto:owner-ag-dev at mcs.anl.gov] On Behalf
> Of Colin Perkins
> Sent: 23 July 2005 15:58
> To: Andrew Rowley
> Cc: ag-dev at mcs.anl.gov
> Subject: Re: [AG-DEV] Vic and Rat Encryption
> 
> Hi Andrew,
> 
> This looks to be a signed/unsigned bug in the way rat calls the DES
> code, rather than a bug in the DES code itself. I've committed the
> following to the CVS version of RAT:
> 
> Index: rtp.c
> ===================================================================
> RCS file: /cs/research/nets/common0/starship/src/local/CVS_repository/
> common/src/rtp.c,v
> retrieving revision 1.141
> diff -r1.141 rtp.c
> 268c268
> <                       char            *encryption_key;
> ---
>  >                       unsigned char  *encryption_key;
> 3106c3106
> <       char *key;
> ---
>  >       unsigned char *key;
> 3108c3108,3111
> <
> ---
>  >       unsigned char   *testdata;
>  >       FILE    *testfile;
>  >       uint8_t          initVec[8] = {0,0,0,0,0,0,0,0};
>  >
> 3119c3122
> <         key = session->crypto_state.des.encryption_key = (char *)
> xmalloc(8);
> ---
>  >         key = session->crypto_state.des.encryption_key = (unsigned
> char *) xmalloc(8);
> 3140a3144,3160
>  >
>  > #ifdef DEBUG
>  >       debug_msg("DES encryption key: ");
>  >       for (i = 0; i < 8; i++) {
>  >               printf("%02x ", key[i]);
>  >       }
>  >       printf("\n");
>  >       testdata = (unsigned char *) xmalloc(64);
>  >       for (i = 0; i < 64; i++) {
>  >           testdata[i] = i;
>  >       }
>  >       des_encrypt(session, testdata, 64, initVec);
>  >       testfile = fopen("testfile", "w");
>  >       fwrite(testdata, 64, 1, testfile);
>  >       fclose(testfile);
>  >       debug_msg("Wrote testfile\n");
>  > #endif
> 
> This seems to fix the problem. I get a key of "23 0d cd d0 d6 fb 7c
> b3", and the testfile contains the same results as openssl using that
> key.
> 
> Cheers,
> Colin
> 
> 
> 
> On 11 Jul 2005, at 17:05, Andrew Rowley wrote:
> > The version I was trying was the source downloaded from the UCL
> > website.  It claims to be version 4.2.23 and is using the UCL
> > common library qfDES.
> >
> > The openssl command is:
> > openssl des-cbc -K 230DCDF1D6FB7CB3 -iv 0000000000000000 -in indata
> > -out
> > outdata
> >
> > The password is "testkey" which gets turned into the key above by
> > RAT.  I
> > have attached the indata file.
> >
> > For rat, I put the following lines at the end of des_initialize in
> > rtp.c in
> > the common directory:
> >
> > testdata = (char *) xmalloc(64);
> > for (i = 0; i < 64; i++) {
> >     testdata[i] = i;
> > }
> > des_encrypt(session, testdata, 64, initVec);
> > testfile = fopen("testfile", "w");
> > fwrite(testdata, 64, 1, testfile);
> > fclose(testfile);
> >
> > Hope this helps,
> >
> > Andrew :)
> >
> > ============================================
> > Access Grid Support Centre,
> > RSS Group,
> > Manchester Computing,
> > Kilburn Building,
> > University of Manchester,
> > Oxford Road,
> > Manchester,
> > M13 9PL,
> > UK
> > Tel: +44(0)161-275 0685
> > Email: Andrew.Rowley at manchester.ac.uk
> >
> >
> >> -----Original Message-----
> >> From: Colin Perkins [mailto:csp at csperkins.org]
> >> Sent: 11 July 2005 16:49
> >> To: Andrew Rowley
> >> Cc: 'Rhys Hawkins'; ag-dev at mcs.anl.gov
> >> Subject: Re: [AG-DEV] Vic and Rat Encryption
> >>
> >> On 11 Jul 2005, at 16:14, Andrew Rowley wrote:
> >>
> >>> I was using vic and rat from the command line and forcing DES
> >>> encryption.
> >>> It turns out that I needed to generate the key differently and just
> >>> use
> >>> DES/CBC/NoPadding to do this.
> >>>
> >>> Doing some further experiments, unless I am doing this wrong, it
> >>> would seem
> >>> that the DES encryption in vic and rat is broken.  I downloaded the
> >>> source
> >>> code and then modified it as follows:
> >>>
> >>> When rat initialises the des encryption, I output the 8-byte key to
> >>> a file.
> >>> I then generate an array of bytes consisting of the numbers 0-63 in
> >>> order.
> >>> I then encrypt this and output this to a file.
> >>>
> >>> I then take the same key and the initialisation vector of 0s and
> >>> run openssl
> >>> in des-cbc mode with the same key and iv on the same input.  This
> >>> gives a
> >>> completely different output to that given by rat.  The openssl
> >>> output is the
> >>> same output as is given by the Java encryption using DES/CBC/
> >>> NoPadding.
> >>>
> >>
> >> Which version of rat is this - did you test with the version from the
> >> UCL CVS?
> >>
> >> Can you send your test routines to illustrate the problem? I'm not
> >> aware of any problems with the DES code in rat, although there were
> >> issues with the AES code that I fixed relatively recently.
> >>
> >> Colin
> >>
> >
> >
> > <indata>
> >
> 