07 07 07 07 07 07 07

Hmmm, 7 times 0x07, this is PKCS#7 padding. As the MAC is calculated on the last 16 bytes (for MD5) then this will invalidate it.

My understanding of rfc2246, section 6.2.3.2, is that you are responsible to do your own padding. By default all .NET block ciphers use PKCS#7 padding (like your output) - however rfc2246 DOESN'T use PKCS#7.

[From my interpretation] the correct padding would be 07 07 07 07 07 07 07 07 (8 times 0x07) because the structure is

    ...
    uint8 padding[GenericBlockCipher.padding_length]
    uint padding_length;
    }

This means that you cannot use the PaddingMode.Pkcs7 from Mono or MS.NET - but I don't know why this works under Windows !?! You must provide your own padding mechanism (and don't ask me why the rfc's author did it that way ;-).

I hope this helps,

Sebastien Pouliot
Security Architect, Motus Technologies, http://www.motus.com/
work: [EMAIL PROTECTED]
home: [EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Carlos Guzman Alvarez
Sent: 29 août 2003 18:57
To: [EMAIL PROTECTED]
Subject: Re: [Mono-list] TripleDES encryption problem

Hello:

> However this isn't the MAC used in SSL nor TLS - so it
> shouldn't affect you.

Yes, I'm not using MACTripleDES :)

> When you say that it works under Windows/MS.NET do you mean your TLS code
> runs normally using the MS TripleDES implementation ?

Yes, at least with my sample code, in Windows it finishes the handshake protocol, sends ok a message and receives ok a message from the openssl server; in linux the first message sent encrypted is rejected by the openssl server (the Client Finished message).

I have recompiled OpenSSL to use better debug capabilities and added some output to the console in the TLS implementation. I think that the problem can be with the padding (but I'm not sure), what do you think ??

Here is the debug output:

TLS Implementation Debug Output

    Cipher mode CBC
    Padding mode PKCS7
    KeySize size 192
    Block size 64
    Initialization vector 429D93CF52066A15

    Encryption info
    Fragment length 37
    Padding length 3
    Cipher length 40

    MAC Contents
    25 f7 8b 4e e7 dd 0d 34 66 9c fa 1d e2 29 9b 7e ee b3 e0 11

    Fragment Contents
    14 00 00 0c 29 80 4d a0 a6 74 1e 46 08 a8 8b c4

    Ciphered message contents
    7e 86 4f 37 75 84 d4 6f ea 26 45 f9 1d 2a 73 04 40 fc 84 10 46 54 74 2c 75 6b 53 45 55 a4 33 9d 08 95 24 3c 26 e9 ed ce

OpenSSL Debug Output

    tls1_enc(0)
    EVP_Cipher(ds=0x8184a20,rec->data=0x81744c5,rec->input=0x81744c5,l=40) ==>
    EVP_CIPHER_CTX: 0 buf_len, 24 key_len [8 128], 8 iv_len
    IV: 429D93CF52066A15
    rec->input= 7e 86 4f 37 75 84 d4 6f ea 26 45 f9 1d 2a 73 04 40 fc 84 10 46 54 74 2c 75 6b 53 45 55 a4 33 9d 08 95 24 3c 26 e9 ed ce
    des_ede_cbc_cipher(ctx=8184a20, buflen=0)
    iv= 429D93CF52066A15
    rec->data= 14 00 00 0c 29 80 4d a0 a6 74 1e 46 08 a8 8b c4 25 f7 8b 4e e7 dd 0d 34 66 9c fa 1d e2 29 9b 7e 03 07 07 07 07 07 07 07
    dec 40
    14 00 00 0C 29 80 4D A0 A6 74 1E 46 08 A8 8B C4 25 F7 8B 4E E7 DD 0D 34 66 9C FA 1D E2 29 9B 7E 03 07 07 07 07 07 07 07

--
Best regards

Carlos Guzmán Álvarez
Vigo-Spain

_______________________________________________
Mono-list maillist - [EMAIL PROTECTED]
http://lists.ximian.com/mailman/listinfo/mono-list
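
Added example (not part of the original thread, and not Mono or OpenSSL code): the two padding schemes discussed above side by side, with a strict receiver-side check of the RFC 2246 section 6.2.3.2 trailer. Function names are hypothetical; DUMP is the decrypted record copied from the OpenSSL debug output above, and SAMPLE is constructed input.

```python
# RFC 2246 section 6.2.3.2 (GenericBlockCipher) padding compared with PKCS#7.

def pkcs7_pad(data: bytes, block: int) -> bytes:
    """PKCS#7: append n bytes of value n, with 1 <= n <= block."""
    n = block - len(data) % block
    return data + bytes([n]) * n

def tls10_pad(data: bytes, block: int) -> bytes:
    """TLS 1.0, minimal form: n padding bytes of value n, followed by the
    padding_length byte (also n). `data` is content || MAC."""
    n = (block - (len(data) + 1) % block) % block
    return data + bytes([n]) * (n + 1)

def tls10_unpad(plain: bytes, block: int) -> bytes:
    """Receiver-side check: return content || MAC or raise ValueError."""
    if not plain or len(plain) % block:
        raise ValueError("length is not a multiple of the block size")
    n = plain[-1]  # padding_length is the last byte of the structure
    if n + 1 > len(plain) or plain[-(n + 1):] != bytes([n]) * (n + 1):
        raise ValueError("bad TLS padding")
    return plain[:-(n + 1)]

def trailer_is_valid(plain: bytes, block: int) -> bool:
    """True when the decrypted record ends in a well-formed TLS 1.0 trailer."""
    try:
        tls10_unpad(plain, block)
        return True
    except ValueError:
        return False

# Decrypted record copied from the OpenSSL debug output in the message above.
DUMP = bytes.fromhex(
    "1400000c29804da0a6741e4608a88bc4"
    "25f78b4ee7dd0d34669cfa1de2299b7e"
    "0307070707070707")

# Constructed input: 32 arbitrary bytes standing in for content || MAC.
SAMPLE = bytes(range(32))

if __name__ == "__main__":
    print("TLS 1.0:", tls10_pad(SAMPLE, 8)[-8:].hex(" "))   # 8 bytes of 0x07
    print("PKCS#7 :", pkcs7_pad(SAMPLE, 8)[-8:].hex(" "))   # 8 bytes of 0x08
    print("dump trailer valid:", trailer_is_valid(DUMP, 8))
```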
