[Mono-list] TripleDES encryption problem

Sébastien Pouliot spouliot@videotron.ca
Fri, 29 Aug 2003 19:18:08 -0400


07 07 07 07 07 07 07

Hmmm, 7 times 0x07, this is PKCS#7 padding. As the MAC is calculated on the
last 16 bytes (for MD5) then this will invalidate it.

My understanding of rfc2246, section 6.2.3.2, is that you are responsible
for doing your own padding.
By default all .NET block ciphers use PKCS#7 padding (like your output) -
however rfc2246 DOESN'T use PKCS#7.

[From my interpretation] the correct padding would be 07 07 07 07 07 07 07
07 (8 times 0x07) because the structure is
...
uint8 padding[GenericBlockCipher.padding_length];
uint8 padding_length;
}

This means that you cannot use the PaddingMode.Pkcs7 from Mono or MS.NET -
but I don't know why this works under Windows !?!
You must provide your own padding mechanism (and don't ask me why the rfc's
author did it that way ;-).

I hope this helps,

Sebastien Pouliot
Security Architect, Motus Technologies, http://www.motus.com/
work: spouliot@motus.com
home: spouliot@videotron.ca


-----Original Message-----
From: mono-list-admin@lists.ximian.com
[mailto:mono-list-admin@lists.ximian.com]On Behalf Of Carlos Guzman
Alvarez
Sent: 29 August 2003 18:57
To: mono-list@lists.ximian.com
Subject: Re: [Mono-list] TripleDES encryption problem


Hello:

> However this isn't the MAC used in SSL nor TLS - so it
> shouldn't affect you.

Yes, I'm not using MACTripleDES :)

> When you say that it works under Windows/MS.NET do you mean your TLS code
> runs normally using the MS TripleDES implementation ?

Yes, at least with my sample code: in Windows it finishes the handshake
protocol, sends a message OK and receives a message OK from the openssl
server; in Linux the first message sent encrypted is rejected by the openssl
server (the Client Finished message).

I have recompiled OpenSSL to get better debug capabilities and added some
output to the console in the TLS implementation. I think that the
problem may be with the padding (but I'm not sure), what do you think?
Here is the debug output:



TLS Implementation Debug Output

Cipher mode CBC
Padding mode PKCS7
KeySize size 192
Block size 64

Initialization vector
429D93CF52066A15

Encryption info
Fragment length 37
Padding length 3
Cipher length 40

MAC Contents
25 f7 8b 4e e7 dd 0d 34 66 9c fa 1d e2 29 9b 7e ee b3 e0 11

Fragment Contents
14 00 00 0c 29 80 4d a0 a6 74 1e 46 08 a8 8b c4

Ciphered message contents
7e 86 4f 37 75 84 d4 6f ea 26 45 f9 1d 2a 73 04 40 fc 84 10 46 54 74 2c
75 6b 53 45 55 a4 33 9d 08 95 24 3c 26 e9 ed ce


OpenSSL Debug Output


tls1_enc(0)
EVP_Cipher(ds=0x8184a20,rec->data=0x81744c5,rec->input=0x81744c5,l=40) ==>
         EVP_CIPHER_CTX: 0 buf_len, 24 key_len [8 128], 8 iv_len
                 IV: 429D93CF52066A15
         rec->input= 7e 86 4f 37 75 84 d4 6f ea 26 45 f9 1d 2a 73 04 40
fc 84 10
46 54 74 2c 75 6b 53 45 55 a4 33 9d 08 95 24 3c 26 e9 ed ce
des_ede_cbc_cipher(ctx=8184a20, buflen=0)
          iv= 429D93CF52066A15
         rec->data= 14 00 00 0c 29 80 4d a0 a6 74 1e 46 08 a8 8b c4 25
f7 8b 4e e7 dd 0d 34 66 9c fa 1d e2 29 9b 7e 03 07 07 07 07 07 07 07
dec 40
14 00 00 0C 29 80 4D A0 A6 74 1E 46 08 A8 8B C4
25 F7 8B 4E E7 DD 0D 34 66 9C FA 1D E2 29 9B 7E
03 07 07 07 07 07 07 07







--
Best regards

Carlos Guzmán Álvarez
Vigo-Spain
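
The difference between the two padding schemes discussed in this thread, as an added Python example (not code from either poster, Mono or OpenSSL): it pads the fragment and MAC from the debug output above both ways and applies a receiver-side check of the RFC 2246 section 6.2.3.2 rule. The function names are hypothetical; the hex values are copied from the debug output above.

```python
# Added example: PKCS#7 vs. RFC 2246 (TLS 1.0) GenericBlockCipher padding.
# Illustration only: a production receiver must report bad padding and a bad
# MAC identically, without revealing which check failed.
BLOCK = 8  # 3DES block size in bytes ("Block size 64" bits in the debug output)

# Values copied from the debug output in this thread.
FRAGMENT = bytes.fromhex("1400000c29804da0a6741e4608a88bc4")
MAC = bytes.fromhex("25f78b4ee7dd0d34669cfa1de2299b7eeeb3e011")
# Plaintext as decrypted by OpenSSL ("dec 40"), ending 03 07 07 07 07 07 07 07.
OPENSSL_PLAINTEXT = bytes.fromhex(
    "1400000c29804da0a6741e4608a88bc4"
    "25f78b4ee7dd0d34669cfa1de2299b7e"
    "0307070707070707")

def pkcs7_pad(data: bytes, block: int = BLOCK) -> bytes:
    """PKCS#7: append n bytes, each of value n, with 1 <= n <= block."""
    n = block - len(data) % block
    return data + bytes([n]) * n

def tls10_pad(data: bytes, block: int = BLOCK) -> bytes:
    """RFC 2246: padding[padding_length] followed by the padding_length byte,
    every byte holding padding_length. Uses the shortest valid padding."""
    p = (block - 1) - len(data) % block   # 0 <= p <= block - 1
    return data + bytes([p]) * (p + 1)    # p padding bytes + 1 length byte

def tls10_unpad(record: bytes, block: int = BLOCK) -> bytes:
    """Receiver-side check of the same rule; ValueError on bad padding."""
    if not record or len(record) % block:
        raise ValueError("length is not a multiple of the block size")
    p = record[-1]                        # padding_length is the last byte
    if p + 1 > len(record) or record[-(p + 1):] != bytes([p]) * (p + 1):
        raise ValueError("padding bytes do not all equal padding_length")
    return record[:-(p + 1)]

if __name__ == "__main__":
    data = FRAGMENT + MAC                 # 16 + 20 = 36 bytes before padding
    print("PKCS#7 :", pkcs7_pad(data)[len(data):].hex(" "))
    print("TLS 1.0:", tls10_pad(data)[len(data):].hex(" "))
    try:
        tls10_unpad(OPENSSL_PLAINTEXT)
    except ValueError as exc:
        print("record from the thread rejected:", exc)
```

For the same input the two schemes append the same number of bytes, but each TLS 1.0 byte value is one lower than the PKCS#7 value, so a PKCS#7-padded record fails the check.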

