Hiya;
My query (and, I suspect, trouble) really comes from the "RandomIV" strings
that seem to be attached to the outgoing ciphertext. I hacked Client.pm's
send_data bits to have:
open(LOG, ">>/tmp/srslog-out.txt");
print LOG "$message\n";
close(LOG);
So each outgoing string is seperated by a 0x0A. The client.txt says (to my
understanding) that:
1) Random data in
2) Random data decrypted
3) MD5 checksum of data
4) Encrypted checksum out
So, with the outgoing strings seperated at 01x02, 02x0b and 05x04, where is
this 'RandomIV' text coming from, because the output from mcrypt_cbc() from
PHP certainly dosen't include any of this guff - it's all
random/gobbldeygook data, and that's where I think the problem is occouring.
Comparing the output of Crypt::CBC and mcrypt_cbc() from Perl and PHP
respectivley (for a given set of data/keys), they match. The CBC.pm included
from within the OpenSRS implementation seems to do things differently,
though.
Any ideas?
Steven Fletcher
stevenf@shellnet.co.uk
--www3# bpatch -d /tmp/srslog-out.txt File /tmp/srslog-out.txt opened successfully
FILE: /tmp/srslog-out.txt (246) - ASCII PAGE: 0 (0) x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 xa xb xc xd xe xf 0123456789abcdef
00: 4f 70 65 6e 53 52 53 20 43 4c 49 45 4e 54 20 33 OpenSRS CLIENT 3 01: 2e 33 0a 6c 6f 67 69 6e 20 2d 62 6c 6f 77 66 69 .3.login -blowfi 02: 73 68 20 53 68 65 6c 6c 6e 65 74 0a 52 61 6e 64 sh Shellnet.Rand 03: 6f 6d 49 56 ed 10 8e 06 fd 53 a6 80 77 70 13 8f omIV.....S..wp.. 04: 02 ca 09 08 b9 20 69 9d cd 0f 32 47 66 c4 33 05 ..... i...2Gf.3. 05: cb da 1f aa 0a 52 61 6e 64 6f 6d 49 56 bc f0 41 .....RandomIV..A 06: e2 6e a3 2c ec e1 e6 54 93 17 69 cb af b1 ef ea .n.,...T..i..... 07: 6c 4e 4c 5f 77 74 17 ba ea 90 ce a1 61 52 94 4c lNL_wt......aR.L 08: e1 21 e4 54 33 03 e9 49 b5 81 b9 dd 8f 4a 9e 6f .!.T3..I.....J.o 09: da 38 e8 27 49 eb e0 5d 81 17 dd 4a db 66 08 f9 .8.'I..]...J.f.. 0a: 56 e8 fe 32 2a b3 fc d0 90 b2 7b fa e6 83 c4 96 V..2*.....{..... 0b: 8f fe 3b 02 5f 61 cb 12 35 5e fc 1a 3c a3 6a 43 ..;._a..5^..<.jC 0c: 5e 0d 30 f8 c7 c9 6a 76 dc 5c b2 b6 18 f4 33 27 ^.0...jv.\....3' 0d: e3 17 70 b9 a9 3f ce ca 31 2d 38 66 54 d6 6a e9 ..p..?..1-8fT.j. 0e: 44 8a ec fc 2b 5a 94 c6 01 01 66 10 0b 73 c0 73 D...+Z....f..s.s 0f: 59 49 b2 5c 4a 0a YI.\J.
> -----Original Message----- > From: Brad Murray [mailto:brad@graphtech.net] > Sent: 18 July 2000 15:05 > To: Steven Fletcher > Subject: Re: PHP interface/client > > > Steven, > > I tried this quite a while ago with no success. Make sure > you're not using > DES, as the perl des library is odd. Try building it using > either Blowfish > or Blofish_PP (don't remember if mcrypt supports the second one)... > > Brad > > > Hi all; > > > > Does anyone have any information/pointers to using the > mcrypt library with > > PHP in order to get a PHP interface working? I have had a *lot* of > > difficulty with the encryption phase, which I suspected is > down to the IV > > parts of the exchanged keys. I've hit a brick wall and > after much hair > loss > > am appealing here! :-) > > > > Thanks for any info anyone can provide; > > > > Steven Fletcher > > stevenf@shellnet.co.uk > > >
This archive was generated by hypermail 2.1.3 : Tue Oct 19 2004 - 23:35:41 EDT