Re: DESede encryption problem

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: DESede encryption problem

Super Pik Master

>Try XORing the first block of 8 bytes with the second block of 8 before
>encrypting the second block. Perhaps the first 8 is meant to be used as an
>IV for what follows.
>
>  
>
No, it doesn't work. I tried different XORing combination, before and
after encryption, with cleartext block and enrypted text block.

Any more ideas?



Reply | Threaded
Open this post in threaded view
|

Re: DESede encryption problem

Super Pik Master
I think I know where the problem lies. SSH version 2 and version 1
differ in implementation of 3DES. While in SSH2 it is probably the 3DES
with CBC remebered at the level of the whole 3DES cipher (not separate
initialization vectors for each of three DES engines).

And in SSH1 there are three independent CBC-DES engines with independent
initialization vectors. And that is something i could not achieve with
the code I posted.
Actually, description is like this:

   SSH_CIPHER_3DES
        The variant of triple-DES used here works as follows: there are
        three independent DES-CBC ciphers, with independent initializa-
        tion vectors.  The data (the whole encrypted data stream) is
        first encrypted with the first cipher, then decrypted with the
        second cipher, and finally encrypted with the third cipher.  All
        these operations are performed in CBC mode.

        The key for the first cipher is taken from the first 8 bytes of
        the session key; the key for the next cipher from the next 8
        bytes, and the key for the third cipher from the following 8
        bytes.  All three initialization vectors are initialized to
        zero.

        (Note: the variant of 3DES used here differs from some other
        descriptions.)

Can someone verify if I am correct with above assumptions? I am actually
trying to write the proper decoding code, but it still doesn't work.
Maybe someone can help me?

 byte[] TestData57 = {(byte)(0x12 & 0xFF), (byte)(0x15 & 0xFF),
(byte)(0xed & 0xFF),
   (byte)(0x62 & 0xFF), (byte)(0xab & 0xFF), (byte)(0x5f & 0xFF),
(byte)(0xd8 & 0xFF),
   (byte)(0x15 & 0xFF), (byte)(0xb5 & 0xFF), (byte)(0xe4 & 0xFF),
(byte)(0xd9 & 0xFF),
   (byte)(0x2f & 0xFF), (byte)(0x98 & 0xFF), (byte)(0x96 & 0xFF),
(byte)(0x1a & 0xFF), (byte)(0x4f & 0xFF) };

    private static byte[] TestSessionKey =
           {(byte)(0xa3 & 0xFF), (byte)(0x97 & 0xFF), (byte)(0xa2 &
0xFF), (byte)(0x55 & 0xFF),
            (byte)(0x53 & 0xFF), (byte)(0xbe & 0xFF), (byte)(0xf1 &
0xFF), (byte)(0xfc & 0xFF), (byte)(0xf9 & 0xFF),
            (byte)(0x79 & 0xFF), (byte)(0x6b & 0xFF), (byte)(0x52 &
0xFF), (byte)(0x14 & 0xFF), (byte)(0x13 & 0xFF),
            (byte)(0xe9 & 0xFF), (byte)(0xe2 & 0xFF), (byte)(0x2d &
0xFF), (byte)(0x51 & 0xFF),
            (byte)(0x8e & 0xFF), (byte)(0x1f & 0xFF), (byte)(0x56 &
0xFF), (byte)(0x08 & 0xFF),
            (byte)(0x57 & 0xFF), (byte)(0x27 & 0xFF), (byte)(0xa7 &
0xFF), (byte)(0x05 & 0xFF), (byte)(0xd4 & 0xFF),
            (byte)(0xd0 & 0xFF), (byte)(0x52 & 0xFF), (byte)(0x82 &
0xFF), (byte)(0x77 & 0xFF), (byte)(0x75 & 0xFF)};

 
     given on input 12 15 ed 62 ab 5f d8 15 b5 e4 d9 2f 98 96 1a 4f
requested on output d7 97 c1 0e 76 86 e4 5d 12 a1 09 0f 63 d7 0e 9b

Thanks in advance
Pik Master


Reply | Threaded
Open this post in threaded view
|

Re: DESede encryption problem

Super Pik Master
Great, it works.

Thank you for your help David.

Pik Master

Reply | Threaded
Open this post in threaded view
|

Re: DESede encryption problem

Super Pik Master
Thomas Fromm wrote:

> Hi, maybe you can forward Davids solution to your problem to the
> mailing list. thanks, kind regards, Thomas


Well, if you are still interested (I see you have found the solution
already) - I wrote a class to use in SSH version 1 protocol 3DES CBC
mode - it is different than bouncycastle 3DES implementation, so it
requires special handling.

Works for me, although I noticed some problem lately, received packets
have wrong CRC - some unexpected data is being read from socket - maybe
it's just a race condition problem, but may be truncating the encrypted
message or not shifting the key when expected as well. So do not treat
it as a complete or a safe code.


import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.BlockCipher;
import org.bouncycastle.crypto.engines.DESEngine;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.params.KeyParameter;

/* SSH1 uses different 3DES than standard BouncyCastle DESedeEngine,
 * so this is the implementation
 * @author Pik Master
 */

public class CBCDESedeSSH1Engine extends CBCBlockCipher  
{
   protected static final int BLOCK_SIZE = 8;
   private CBCBlockCipher des1, des2, des3;
   private boolean encrypting;  //are we ancrypting or decrypting    
 
   CBCDESedeSSH1Engine (BlockCipher cipher)
   {      
       super(cipher);  //create fake instance - only for
compatibility      
   }
 
   public void init(boolean encrypting, CipherParameters params)    
   {
       if (!(params instanceof KeyParameter))
       {
           throw new IllegalArgumentException("invalid parameter passed
to DESede init - " + params.getClass().getName());
       }

       this.encrypting = encrypting;
     
       des1 = new CBCBlockCipher (new DESEngine());          
       des2 = new CBCBlockCipher (new DESEngine());
       des3 = new CBCBlockCipher (new DESEngine());

       byte[] SessionKey = ((KeyParameter)params).getKey();
       if (SessionKey.length > 24)
       {
           throw new IllegalArgumentException("key size greater than 24
bytes");
       }
     
     
       byte[] key = new byte[8];  //subkey      
       System.arraycopy(SessionKey, 0, key, 0, 8);
       des1.init (encrypting, new KeyParameter(key));  //false =
decryption      
     
       System.arraycopy(SessionKey, 8, key, 0, 8);
       des2.init (!encrypting, new KeyParameter(key));  //false = decryption
             
       System.arraycopy(SessionKey, 16, key, 0, 8);
       des3.init (encrypting, new KeyParameter(key));  //false =
decryption                                    
   }  //init
 
 
   public java.lang.String getAlgorithmName()
   {
       return "DESedeSSH1";
   }
 
   public int getBlockSize()
   {
       return BLOCK_SIZE;
   }
 
   public int processBlock (byte[] in, int inOff, byte[] out, int outOff)
   {
       if (encrypting)
       {  //encrypting 3DES
           des1.processBlock (in, inOff, out, outOff);  //enc
           des2.processBlock (out, outOff, out, outOff);  //dec;
           des3.processBlock (out, outOff, out, outOff);  //enc
       }
       else
       {  //decrypting 3DES
           des3.processBlock (in, inOff, out, outOff);  //dec
           des2.processBlock (out, outOff, out, outOff);  //enc;
           des1.processBlock (out, outOff, out, outOff);  //dec          
       }
       return BLOCK_SIZE;  //processed block size
   }  //processBlock

 
   public void reset()
   {      
       des1.reset();
       des2.reset();
       des3.reset();      
   }
 
   public BlockCipher getUnderlyingCipher()
   {
       return this;
   }
     
}  //class Cipher