Decryption and encryption of packet using openssl command line
Hi, I have a query about how to use the openssl command line to decrypt and encrypt my packet. Below is an ipsec encrypted packet which i decrypt and print on the console. When I try to do the same with openssl command line it gives a different value
Before decryption (below is a complete packet which I have split for understandability)START: 4500 0060 9f80 4000 8032 d65e c0a8 01a2 [EMAIL PROTECTED]
0010: c0a8 019a ---> IP Packet 9e40 cf04 0002 ---> SPI and Sequence number
9971 4c73 [EMAIL PROTECTED]0020: 7842 49c1 ---> IV 7b13 3576 8c17 21c8 65a9 8d00 xBI.{.5v..!.e...
0030: 1e99 1b74 3e86 6476 07e7 f8e8 04f0 0e5d ...t>.dv...]0040: 8d63 41d9 cdb0 1304 c800 0b6e bfbb c069 .cAn...i0050: e594 b4d5 --->
Encrypted packet b330 d80f 84cc 0106 57b8 0eaf .0..W... --> Authentication data
ENDAfter DecryptionSTART
not shown: 9e40 cf04 0002 ---> SPI and sequence number 9971 4c73 7842 49c1 [EMAIL PROTECTED] --->
IVSTART OF DECRYPTED PACKET0010: 0def 01bb a8cc c11d d59f 3997 5019 faf0 ..9.P...0020: 7452 1503 0100 1228 ce83 baef 8a8b tR...(..
0030: b4e9 a6b8 03b5 8392 da04 3a 01 0203 0306 ..:. ---> padding, pad length and next header field
END OF DECRYPTED PACKET0040: b330 d80f 84cc 0106 57b8 0eaf .0..W... --->Authentication data
END: cbcc d7dc c448 fd53 4dce d67f d2c3 6fe0 .H.SM.o.0010: 5838 0444 -->
Cipher keyThe command that I am using for decryption of the packet is --> openssl enc -des3 -in input_pkt -out out_pkt -nopad -d -K "7de79edfe7046acd223f6a72b6bb354c4a6888f672d61cbb" -iv "43990d51bba59ece
The input packet I am passing as an array in a c file and printing the ascii into a file name input_packet. Below is the code for it#include #include #include
#include #include int main(){ unsigned char in_packet[]={ 0x7b,0x13, 0x35,0x76, 0x8c,0x17, 0x21,0xc8, 0x65,0xa9, 0x8d,0x00, 0x1e,0x99, 0x1b,0x74, 0x3e,0x86, 0x64,0x76, 0x07,0xe7, 0xf8,0xe8, 0x04,0xf0, 0x0e,0x5d, 0x8d,0x63, 0x41,0xd9, 0xcd,0xd0, 0x13,0x04, 0xc8,0x00, 0x0b,0x6e, 0xbf,0xbb, 0xc0,0x69, 0xe5,0x94, 0xb4, 0xd5};
unsigned int i=0; FILE *fd_d; fd_d = fopen("input_pkt","r+"); printf("sizeof in_packet is : %d\n",sizeof(in_packet)); if(fd_d == NULL) {
printf("fd not created\n"); return 1; } while(i < (sizeof(in_packet))) { fprintf(fd_d,"%c",in_packet[i]); printf("%x",in_packet[i]);
i++; } printf("\nvalue of i is %d\n",i); fclose(fd_d); return 0;}Can any one help me out. the packet after decryption should look like the above. I think many of you might have used this functionality and it shouldn't a difficult thing for you folks to answer.
Thanks a lot in advance.
Re: Decryption and encryption of packet using openssl command line
hmmmtough to imagine but no body seems to know it or it might be to simple.On 12/9/05, Riaz Farnaz <[EMAIL PROTECTED]
> wrote:Hi, I have a query about how to use the openssl command line to decrypt and encrypt my packet. Below is an ipsec encrypted packet which i decrypt and print on the console. When I try to do the same with openssl command line it gives a different value
Before decryption (below is a complete packet which I have split for understandability)START: 4500 0060 9f80 4000 8032 d65e c0a8 01a2 [EMAIL PROTECTED]
0010: c0a8 019a ---> IP Packet 9e40 cf04 0002 ---> SPI and Sequence number
9971 4c73 [EMAIL PROTECTED]0020: 7842 49c1 ---> IV 7b13 3576 8c17 21c8 65a9 8d00 xBI.{.5v..!.e...
0030: 1e99 1b74 3e86 6476 07e7 f8e8 04f0 0e5d ...t>.dv...]0040: 8d63 41d9 cdb0 1304 c800 0b6e bfbb c069 .cAn...i0050: e594 b4d5 --->
Encrypted packet b330 d80f 84cc 0106 57b8 0eaf .0..W... --> Authentication data
ENDAfter DecryptionSTART
not shown: 9e40 cf04 0002 ---> SPI and sequence number 9971 4c73 7842 49c1 [EMAIL PROTECTED] --->
IVSTART OF DECRYPTED PACKET0010: 0def 01bb a8cc c11d d59f 3997 5019 faf0 ..9.P...0020: 7452 1503 0100 1228 ce83 baef 8a8b tR...(..
0030: b4e9 a6b8 03b5 8392 da04 3a 01 0203 0306 ..:. ---> padding, pad length and next header field
END OF DECRYPTED PACKET0040: b330 d80f 84cc 0106 57b8 0eaf .0..W... --->Authentication data
END: cbcc d7dc c448 fd53 4dce d67f d2c3 6fe0 .H.SM.o.0010: 5838 0444 -->
Cipher keyThe command that I am using for decryption of the packet is --> openssl enc -des3 -in input_pkt -out out_pkt -nopad -d -K "7de79edfe7046acd223f6a72b6bb354c4a6888f672d61cbb" -iv "43990d51bba59ece
The input packet I am passing as an array in a c file and printing the ascii into a file name input_packet. Below is the code for it#include #include #include
#include #include int main(){ unsigned char in_packet[]={ 0x7b,0x13, 0x35,0x76, 0x8c,0x17, 0x21,0xc8, 0x65,0xa9, 0x8d,0x00, 0x1e,0x99, 0x1b,0x74, 0x3e,0x86, 0x64,0x76, 0x07,0xe7, 0xf8,0xe8, 0x04,0xf0, 0x0e,0x5d, 0x8d,0x63, 0x41,0xd9, 0xcd,0xd0, 0x13,0x04, 0xc8,0x00, 0x0b,0x6e, 0xbf,0xbb, 0xc0,0x69, 0xe5,0x94, 0xb4, 0xd5};
unsigned int i=0; FILE *fd_d; fd_d = fopen("input_pkt","r+"); printf("sizeof in_packet is : %d\n",sizeof(in_packet)); if(fd_d == NULL) {
printf("fd not created\n"); return 1; } while(i < (sizeof(in_packet))) { fprintf(fd_d,"%c",in_packet[i]); printf("%x",in_packet[i]);
i++; } printf("\nvalue of i is %d\n",i); fclose(fd_d); return 0;}Can any one help me out. the packet after decryption should look like the above. I think many of you might have used this functionality and it shouldn't a difficult thing for you folks to answer.
Thanks a lot in advance.
does openssl allocate memory with 16 bit alignment?
Hi, I am working on a proprietary ASIC chip that requires the memory buffers passed to it to be 16 bit aligned. Does Openssl support 16-bit alignment of the memory being allocated or is there any way that I can force 16 bit alignment of the data? -Riaz
Re: does openssl allocate memory with 16 bit alignment?
Malloc doesnt guarantee an alignment of any sort. ASIC chip requres that the buffer address that is passed to it should be a strictly 16 bit ( not byte ) aligned...I was going thru this link
http://sources.redhat.com/ml/crossgcc/2000-08/msg00049.html and here he has suggested a method of defining
#define HANDLE_PRAGMA_PACK_PUSH_POP 1 rebuild the compiler and use #pragma pack(push,<2>) for 2 byte ( which I believe is 16 bit alignment ) alignment. So basically I think i can create a macro for the openssl malloc function to
{
#pragma pack(push,<2>)
malloc()
}
I am not sure if this will work, this is mainly for gcc compiler, so this is a compiler dependent solution. I have to yet check this.
On 7/4/05, Steven Reddie <[EMAIL PROTECTED]> wrote:
Riaz, I think I misread/misunderstood your question. OpenSSL uses malloc to allocate memory. malloc should return an allocated buffer which is aligned appropriately for the underlying platform. Typically this alignment will be greater than you require, such as to a 16-byte boundary.
From: [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED]] On Behalf Of Steven ReddieSent: Monday, 4 July 2005 4:23 PMTo:
openssl-users@openssl.orgSubject: RE: does openssl allocate memory with 16 bit alignment?
Isn't this the job of the compiler?
I don't believe that OpenSSL goes out of it's way to access values larger than 8-bits on unaligned addresses. One exception is the hand-optimised crypto routines, such as AES, where 32-bit values may be accessed on arbitrary addresses. Check out the macros in aes_locl.h for examples of handling this properly for processors that require it. Typical RISC processors are more restrictive than what you're asking for, eg. expecting 32-bit values to be aligned to 32-bit addresses, and these are definitely supported by OpenSSL. The ARM processor is one example. I did the port for this (for Windows CE) and ran into this problem with the AES module. If you search for use of the OPENSSL_SYS_WINCE macro which I added to aes_locl.h you may find other places where this was necessary, which I've now forgotten.
Your compiler should be generating code that packs structures appropriately for the target processor. Except for the optimisations mentioned above, OpenSSL simply accesses the fields within the structure, so it's the job of the compiler to ensure that they are aligned appropriately. And it's the job of the runtime system to ensure that the memory is allocated on an appropriate boundary (typically a 16-byte boundary).
Regards,
Steven
From: [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED]] On Behalf Of Riaz FarnazSent: Monday, 4 July 2005 4:04 PMTo:
openssl-users@openssl.orgSubject: does openssl allocate memory with 16 bit alignment?
Hi,
I am working on a proprietary ASIC chip that requires the memory buffers passed to it to be 16 bit aligned. Does Openssl support 16-bit alignment of the memory being allocated or is there any way that I can force 16 bit alignment of the data?
-Riaz
Re: does openssl allocate memory with 16 bit alignment?
Hi all,
thanks for your replies.
Yes it will be aligning for data but what I am concerned is about buffers. Presently I am testing on hardware acceleration chip and I have allocated an intermediate buffer using a cacheDmaMalloc which is a 32 bit aligned by default and after I memcpy the contents to the newly allocated buffer I pass the address of the newly allocated buffer to the hardware.
This should solve my problem. I have a question here..does anyone know which functions does the do_cipher function pointer point to ?
Cheers
Riaz
On 7/5/05, Steven Reddie <[EMAIL PROTECTED]> wrote:
Riaz,
I think you'll find that malloc does do the right thing. Otherwise code such as the following would fail depending on the alignment requirements of the underlying platform:
double* p = (double*)malloc(sizeof(double));
*p = 3.14;
You shouldn't need to mess with alignment pragmas. These are usually used when you want to reduce the alignment, not increase it, such as when needing to pack data to match the format expected by communication protocols or storage formats. They're typically used for packing data more compactly rather than sparsely.
The compiler and runtime library need to have been targeted for the underlying platform and as such should have intimate knowledge of alignment issues for that platform.
If you are having an actual problem, rather than simply worrying about the safety of the code on your platform, I'd suggest that you have a poorly targeted compiler and/or runtime library. Try working with the code above. If it does fail on your platform then you need to get that working before worrying about OpenSSL. If a malloc of 2 bytes ever returns an odd address then, again, you're looking in the wrong place by worrying about OpenSSL.
Steven
From: [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED]] On Behalf Of Riaz FarnazSent: Monday, 4 July 2005 7:51 PM
To: openssl-users@openssl.orgSubject: Re: does openssl allocate memory with 16 bit alignment?
Malloc doesnt guarantee an alignment of any sort. ASIC chip requres that the buffer address that is passed to it should be a strictly 16 bit ( not byte ) aligned...I was going thru this link
http://sources.redhat.com/ml/crossgcc/2000-08/msg00049.html and here he has suggested a method of defining
#define HANDLE_PRAGMA_PACK_PUSH_POP 1 rebuild the compiler and use #pragma pack(push,<2>) for 2 byte ( which I believe is 16 bit alignment ) alignment. So basically I think i can create a macro for the openssl malloc function to
{
#pragma pack(push,<2>)
malloc()
}
I am not sure if this will work, this is mainly for gcc compiler, so this is a compiler dependent solution. I have to yet check this.
On 7/4/05, Steven Reddie <[EMAIL PROTECTED]
> wrote:
Riaz, I think I misread/misunderstood your question. OpenSSL uses malloc to allocate memory. malloc should return an allocated buffer which is aligned appropriately for the underlying platform. Typically this alignment will be greater than you require, such as to a 16-byte boundary.
From: [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED]] On Behalf Of Steven ReddieSent: Monday, 4 July 2005 4:23 PMTo:
openssl-users@openssl.orgSubject: RE: does openssl allocate memory with 16 bit alignment?
Isn't this the job of the compiler?
I don't believe that OpenSSL goes out of it's way to access values larger than 8-bits on unaligned addresses. One exception is the hand-optimised crypto routines, such as AES, where 32-bit values may be accessed on arbitrary addresses. Check out the macros in aes_locl.h for examples of handling this properly for processors that require it. Typical RISC processors are more restrictive than what you're asking for, eg. expecting 32-bit values to be aligned to 32-bit addresses, and these are definitely supported by OpenSSL. The ARM processor is one example. I did the port for this (for Windows CE) and ran into this problem with the AES module. If you search for use of the OPENSSL_SYS_WINCE macro which I added to aes_locl.h you may find other places where this was necessary, which I've now forgotten.
Your compiler should be generating code that packs structures appropriately for the target processor. Except for the optimisations mentioned above, OpenSSL simply accesses the fields within the structure, so it's the job of the compiler to ensure that they are aligned appropriately. And it's the job of the runtime system to ensure that the memory is allocated on an appropriate boundary (typically a 16-byte boundary).
Regards,
Steven
From: [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED]] On Behalf Of Riaz FarnazSent: Monday, 4 July 2005 4:04 PMTo:
openssl-users@openssl.orgSubject: does openssl allocate memory with 16 bit alignment?
Hi,
I am working on a proprietary ASIC chip that requires the memory buffers passed to it to be 16 bit aligned. Does Openssl support 16-bit alignment of the memory being allocated or is
do_cipher function pointer points to ?????
Hi I want to know which function does the do_cipher function pointer points to. I was not able to find it or may be I have not looked into the code much thoroughly. If any one can please point me to the definition it would be great Cheers Riaz
