Dear Ger Hobbelt and All, I should introduce a situation to you.
I use openssl server and client to test with DES-CBC3-SHA. server show as following: $ openssl s_server -accept 443 -cert server_cert.pem -CAfile server_ca.pem -cip her DES-CBC3-SHA Enter pass phrase for server_cert.pem: Loading 'screen' into random state - done Using default temp DH parameters Using default temp ECDH parameters ACCEPT bad gethostbyaddr -----BEGIN SSL SESSION PARAMETERS----- MHUCAQECAgMBBAIACgQgzaEJiBUiqFiWXT+W7XIP5ARv+G4UuwfKED2Gu4TMKLEE MDWXUKokAf0it42BTyfP8X08fGfQYnL5SutZKBYQCOJW2rN6H0dLOYZR7oEQXaQB daEGAgRIjpfBogQCAgEspAYEBAEAAAA= -----END SSL SESSION PARAMETERS----- Shared ciphers:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3 -SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES 128-SHA:RC4-SHA:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP- EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP- RC4-MD5 CIPHER is DES-CBC3-SHA ddddd sssss client show as following: [EMAIL PROTECTED] ~]$ openssl s_client -connect 192.10.10.104:443 -cert client_cert.pem -CAfile client_ca.pem Enter pass phrase for client_cert.pem: CONNECTED(00000003) depth=1 /C=CN/ST=guangdong/L=shenzhen/O=spectratech/OU=RD/CN=quzf/[EMAIL PROTECTED] verify return:1 depth=0 /C=CN/ST=guangdong/O=spectratech/OU=RD/CN=quzf/[EMAIL PROTECTED] verify return:1 --- Certificate chain 0 s:/C=CN/ST=guangdong/O=spectratech/OU=RD/CN=quzf/[EMAIL PROTECTED] i:/C=CN/ST=guangdong/L=shenzhen/O=spectratech/OU=RD/CN=quzf/[EMAIL PROTECTED] 1 s:/C=CN/ST=guangdong/L=shenzhen/O=spectratech/OU=RD/CN=quzf/[EMAIL PROTECTED] i:/C=CN/ST=guangdong/L=shenzhen/O=spectratech/OU=RD/CN=quzf/[EMAIL PROTECTED] --- Server certificate -----BEGIN CERTIFICATE----- MIIDpDCCAw2gAwIBAgIBATANBgkqhkiG9w0BAQQFADCBjjELMAkGA1UEBhMCQ04x EjAQBgNVBAgTCWd1YW5nZG9uZzERMA8GA1UEBxMIc2hlbnpoZW4xFDASBgNVBAoT C3NwZWN0cmF0ZWNoMQswCQYDVQQLEwJSRDENMAsGA1UEAxMEcXV6ZjEmMCQGCSqG SIb3DQEJARYXc3pfcXV6ZkBzcGVjdHJhdGVjaC5jb20wHhcNMDgwNzI0MDMwNTU1 WhcNMDkwNzI0MDMwNTU1WjB7MQswCQYDVQQGEwJDTjESMBAGA1UECBMJZ3Vhbmdk b25nMRQwEgYDVQQKEwtzcGVjdHJhdGVjaDELMAkGA1UECxMCUkQxDTALBgNVBAMT BHF1emYxJjAkBgkqhkiG9w0BCQEWF3N6X3F1emZAc3BlY3RyYXRlY2guY29tMIGf MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxZxJlk6W+mkBzzMW7E1uz5+du1oV8 dufTuNE4YGM52uWE/6PJOai84VGPx7SWQgFslEpQ5Zso1sAstvN4c+T2Xnw9VgR8 6H1Zy2YM3WT5ca35/K33Qm0wR4o5bdHcePrqbyWoZ7XTm6eW/1IMTBNrxHtywfMX KaDTVdeMNlPDHwIDAQABo4IBIjCCAR4wCQYDVR0TBAIwADAsBglghkgBhvhCAQ0E HxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFGGAhawP CJpMWw5QCvXcmFk6CTXqMIHDBgNVHSMEgbswgbiAFNlmSaexZ1HyCe4KZG1ymGPO ICx2oYGUpIGRMIGOMQswCQYDVQQGEwJDTjESMBAGA1UECBMJZ3Vhbmdkb25nMREw DwYDVQQHEwhzaGVuemhlbjEUMBIGA1UEChMLc3BlY3RyYXRlY2gxCzAJBgNVBAsT AlJEMQ0wCwYDVQQDEwRxdXpmMSYwJAYJKoZIhvcNAQkBFhdzel9xdXpmQHNwZWN0 cmF0ZWNoLmNvbYIJAMpTAf5ipB/0MA0GCSqGSIb3DQEBBAUAA4GBAEnxl5ax3rzW /oyE086XKuC+NGmzNlstsry8fFPhrA2qjVo4G+6c1nWt/0Cu98stq30u527AjdQK zcKm+wTK1df2zlCJiXdc8FsvRZ0MQ+1xMkbf8II4hJfUo0AH+w7ub3ebtkbb3q59 /6RfJEOiQ8lKwvqNiKDmH/xY0v30+mBw -----END CERTIFICATE----- subject=/C=CN/ST=guangdong/O=spectratech/OU=RD/CN=quzf/[EMAIL PROTECTED] issuer=/C=CN/ST=guangdong/L=shenzhen/O=spectratech/OU=RD/CN=quzf/[EMAIL PROTECTED] --- No client certificate CA names sent --- SSL handshake has read 2012 bytes and written 332 bytes --- New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA Server public key is 1024 bit Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : DES-CBC3-SHA Session-ID: CDA109881522A858965D3F96ED720FE4046FF86E14BB07CA103D86BB84CC28B1 Session-ID-ctx: Master-Key: 359750AA2401FD22B78D814F27CFF17D3C7C67D06272F94AEB5928161008E256DAB37A1F474B398651EE81105DA40175 Key-Arg : None Krb5 Principal: None Start Time: 1217303619 Timeout : 300 (sec) Verify return code: 0 (ok) --- ddddd sssss I use capture software catch the package as following: Secure Socket Layer TLSv1 Record Layer: Application Data Protocol: http Content Type: Application Data (23) Version: TLS 1.0 (0x0301) Length: 24 Encrypted Application Data: 83A774CFF8152C3975B7B846076398EC1439672ECE2E1D64 TLSv1 Record Layer: Application Data Protocol: http Content Type: Application Data (23) Version: TLS 1.0 (0x0301) Length: 32 Encrypted Application Data: 7C43BC0F546596DCFEA5C85022615ACEA579A6708BEA7948... the package include two application data, the first is length=24, I don't know what the 24 bytes? My english is not very good. so I can't express my idea very well. thanks abc_123_ok 2008-07-29 发件人: Ger Hobbelt 发送时间: 2008-07-28 18:09:11 收件人: openssl-users@openssl.org 抄送: 主题: Re: Re: Re: hello everyone Couple of things to test/check next: up to now you've fed it sequences of 8 bytes which, as you report, decrypt correctly. See what your current code does for longer input sequences. The point is this: if your encrypt code encrypts N bytes and you decrypt the data at the receiver side and those /original/ N bytes show up anywhere in the decrypted output, it means AT LEAST that your encrypt/decrypt processes are 'mirrors' like they should be. It also means the decrypt code uses the same IV as the encrypt code -- assuming there's an IV used AT ALL. Say you encrypt a sequence 1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ... then the ENcrypted byte stream should NOT contain this sequence anywhere (after all, it's encrypted!) When the receiver fetches this data (which was sent to it) and DEcrypts it should show one of these DEcrypted data sequences: a) 1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ... b) abc1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ... c) 1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ...xyz or b+c): abc1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ...xyz When you don't see any of these, your encrypt/decrypt code does not use the proper keys, IVs, algorithms, whatever. From your previous messages I gather this is NOT your problem as you get to see the (b), (c) or (b+c) case instead (which one, I am not sure from reading your messages). Case (a): perfect. This is what you'd expect case (b): this can ONLY happen when encrypt+decrypt produce/process the _exact_ same encrypted data. (When you use CBC style.) This means that EITHER you fed the encrypt code a pointer/length sequence which was wrong as it pointed at the 'abc' instead of '123' start there, OR somewhere between the output of the DEcrypt and your debug/display code, you prepend the 'abc' in there AFTER decrypting; usual suspect in both case: bugs in your own 'pointer arithmetic' code. case (c): can happen when EITHER you feed the ENcrypter an input sequence with an incorrect (too large) length, so random 'xyz' will be included in the encryption operation, OR as above: length value after decryption gets modified so the extra 'xyz' at the tail is 'included' somewhere while passing the decrypted data to the debug/display code. Usual suspect: incorrect treatment of strings which are assumed to be NUL-terminated but aren't. Other incorrect length-manipulating assumptions in your sender/encrypt and/or client/decrypt code. Etc. A special case which can also cause this is when no length is encoded in the data feed to the decrypter, which then has to 'guestimate' the output (decrypted) length, while the encrypter you use 'pads' the data with zero or random content to ensure block alignment and/or other algorithm-specific requirements are met. This applies to some algorithms, not all, IIRC. (Don't ask me for a list off the top of my head; I don't know them by heart.) case b+c): mix of b+c; the mere fact that the input sequence 1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ... is visible after decryption means that at least client and server use matching keys, algorithms and IVs. So if any of b/c/b+c applies to your situation, it means you are either adding those extra header and/or tail bytes yourself before encrypting or after decrypting. WARNING: before you say 'yes, this happens here too' TEST with SEVERAL data sequences of DIFFERENT content AND length. Just to satisfy Mr. Murphy. Last but not least, I wonder why you've written this code. I am probably guessing wrong here, but from what I read in your messages, you are using an SSL connection between client and server to pass data. Then it looks to me like you are writing additional symmetric key encrypt/decrypt code here ON TOP OF THAT. I hope that I am very wrong about that last bit in capitals; if I am correct about that bit however, you are applying a dual layer of encryption (as SSL already encrypts your data too), which introduces all sorts of _very_ interesting (in the sense of raised eyebrows and scratching heads) questions. Summarizing: ------------------- - The exercise may be moot (when used as a second crypto layer on top of SSL). Chance: I don't know. Very low, I hope. It just might... - You need to test several different content / length data inputs and check if they appear 'on the other side' after decrypting the data there. Find out which case applies to your situation: (a), (b), (c), (b+c) or (d)=='none of the above'. Probable faults depend on this case identification. - My guess from far off: problems are VERY probably caused by your custom code manipulating pointers and or (unencrypted input) data length values. - My guess from far off: problems (when case (c)) MAY be due to the use of a 'padding' crypto chain, while not storing actual (a.k.a. 'true') input data length in the data stream to be encrypted. If anyone else reads this and sees a minor or major mistake, please correct me. Thank you. Ger 2008/7/28 abc_123_ok <[EMAIL PROTECTED] >: > I can't fix my problem , anybady can help me? > > ________________________________ > abc_123_ok > 2008-07-28 > ________________________________ > 发件人: abc_123_ok > 发送时间: 2008-07-25 09:35:17 > 收件人: openssl-users@openssl.org > 抄送: > 主题: Re: Re: Re: hello everyone > > Dear Victor Duchovni, > > I knew what you speak as below, > I have added the CBC padding and Mac and record head, but besides these len, > it still have 24 bytes is more. the 24 bytes is before the application > data. > > my problem still can n't be fixed. > > > ________________________________ > abc_123_ok > 2008-07-25 > ________________________________ > 发件人: Victor Duchovni > 发送时间: 2008-07-24 22:02:49 > 收件人: openssl-users@openssl.org > 抄送: > 主题: Re: Re: Re: hello everyone > > On Thu, Jul 24, 2008 at 05:10:54PM +0800, abc_123_ok wrote: > > > I want to know what the 24 byte is. > > The TLS "record layer" uses a 5 byte header. The actual data > is extended with a MAC, and encrypted which often adds CBC padding. > > You should not make any assumptions about the length of the encrypted > data on the wire, there may also be packets for renegotiation if the > client or server chooses to do that. > > -- > Viktor. > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] -- Met vriendelijke groeten / Best regards, Ger Hobbelt -------------------------------------------------- web: http://www.hobbelt.com/ http://www.hebbut.net/ mail: [EMAIL PROTECTED] mobile: +31-6-11 120 978 -------------------------------------------------- :��I"袭��r�m���?(ラ觳Z+�K?│��1ē�x ��hラ觳[�z?ラ觳Z+� ��f�y意灿���f"�h��)z{,��