RE: des_ncbc_encrypt question

2009-03-08 Thread Bill Colvin 
I suggest you carefully read the following function description paying close 
attention to length.

DES_ncbc_encrypt() encrypts/decrypts using the cipher-block-chaining (CBC) mode 
of DES. If the encrypt argument is non-zero, the routine cipher-block-chain 
encrypts the cleartext data pointed to by the input argument into the 
ciphertext pointed to by the output argument, using the key schedule provided 
by the schedule argument, and initialization vector provided by the ivec 
argument. If the length argument is not an integral multiple of eight bytes, 
the last block is copied to a temporary area and zero filled. The output is 
always an integral multiple of eight bytes. 

Bill

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Nikos Balkanas
Sent: March 8, 2009 1:20 PM
To: openssl-users@openssl.org
Subject: des_ncbc_encrypt question

Hi,

I am using des_ncbc_encrypt to encrypt/decrypt packages in a server/client 
architecture (CBC mode). When I test encryption/decryption from within the 
server I get everything decrypted OK, except the last 4 bytes. However, this 
is enough for the client to reject the packet. I am using the following 
code:

uchar * output;
des_key_schedule des_ks;
des_cblock des_key, des_iv;

memcpy(des_iv, iv, sizeof(des_iv));
memcpy(des_key, server_write_enc_key, sizeof(des_key));
des_set_odd_parity(des_key);
if (des_set_key_checked(des_key, des_ks))
{
error(0, wtls_des: Unable to set key schedule);
return(NULL);
}
output = (uchar *)gw_malloc((len + 1)* sizeof(uchar));
des_ncbc_encrypt(data, output, len, des_ks, des_iv, crypt);

where crypt takes the values DES_ENCRYPT or DES_DECRYPT.

gdb
(gdb) p data + 1640
$11 = (
unsigned char *) 0x75f700 
*ξΥΰl:=8υ\n\236\236π\006\006\006\006\006\006\006
(gdb) p output + 1640
$15 = (uchar *) 0x75e6f0 YyΚ6ΰ�'\216―LΊkφ\033\232’)«Ε\233

Decrypting output through another call to the same function (everything gets 
reinitialized) I get:

(gdb) p data + 1640
$22 = (unsigned char *) 0x760710 YyΚ6ΰ�'\216―LΊkφ\033\232’)«Ε\233 (OK)
(gdb) p output + 1640
$24 = (uchar *) 0x75c6d0 *ξΥΰl:=8υ\n\236\236π\006\006\006(VχR (??)

Everything is fine except for the trailing (VχR. Any ideas or pointers of 
what is wrong, would be greatly appreciated.

Thanx,
Nikos Balkanas






__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: des_ncbc_encrypt question

2009-03-08 Thread Nikos Balkanas 

Dear Bill,

Thank you very much for your quick reponse, on Sunday night!

Indeed I had read this part, but couldn't make much of it. It took me a 
while to rewrite the code, but eventually everything looks fine!


BR,
Nikos



- Original Message - 
From: Bill Colvin bill.col...@opticatech.com

To: openssl-users@openssl.org
Sent: Sunday, March 08, 2009 9:11 PM
Subject: RE: des_ncbc_encrypt question


I suggest you carefully read the following function description paying 
close attention to length.


DES_ncbc_encrypt() encrypts/decrypts using the cipher-block-chaining (CBC) 
mode of DES. If the encrypt argument is non-zero, the routine 
cipher-block-chain encrypts the cleartext data pointed to by the input 
argument into the ciphertext pointed to by the output argument, using the 
key schedule provided by the schedule argument, and initialization vector 
provided by the ivec argument. If the length argument is not an integral 
multiple of eight bytes, the last block is copied to a temporary area and 
zero filled. The output is always an integral multiple of eight bytes.


Bill

-Original Message-
From: owner-openssl-us...@openssl.org 
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Nikos Balkanas

Sent: March 8, 2009 1:20 PM
To: openssl-users@openssl.org
Subject: des_ncbc_encrypt question

Hi,

I am using des_ncbc_encrypt to encrypt/decrypt packages in a server/client
architecture (CBC mode). When I test encryption/decryption from within the
server I get everything decrypted OK, except the last 4 bytes. However, 
this

is enough for the client to reject the packet. I am using the following
code:

uchar * output;
des_key_schedule des_ks;
des_cblock des_key, des_iv;

memcpy(des_iv, iv, sizeof(des_iv));
memcpy(des_key, server_write_enc_key, sizeof(des_key));
des_set_odd_parity(des_key);
if (des_set_key_checked(des_key, des_ks))
{
   error(0, wtls_des: Unable to set key schedule);
   return(NULL);
}
output = (uchar *)gw_malloc((len + 1)* sizeof(uchar));
des_ncbc_encrypt(data, output, len, des_ks, des_iv, crypt);

where crypt takes the values DES_ENCRYPT or DES_DECRYPT.

gdb
(gdb) p data + 1640
$11 = (
   unsigned char *) 0x75f700
*ξΥΰl:=8υ\n\236\236π\006\006\006\006\006\006\006
(gdb) p output + 1640
$15 = (uchar *) 0x75e6f0 Yy�6ΰ�'\216―L�kφ\033\232’)«Ε\233

Decrypting output through another call to the same function (everything 
gets

reinitialized) I get:

(gdb) p data + 1640
$22 = (unsigned char *) 0x760710 
Yy�6ΰ�'\216―L�kφ\033\232’)«Ε\233 (OK)

(gdb) p output + 1640
$24 = (uchar *) 0x75c6d0 *ξΥΰl:=8υ\n\236\236π\006\006\006(VχR (??)

Everything is fine except for the trailing (VχR. Any ideas or pointers 
of

what is wrong, would be greatly appreciated.

Thanx,
Nikos Balkanas






__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org
:I®r¶Γ¥²�­¦1��¥²z¥²€Άy²�®Ά�z– 


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org