[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[iaik-ssl] SSL and RC4 Encryption



I'm using a Netscape Enterprise Server and I'm seeing an intermittent
connection problem with Internet Explorer.  I don't see the same problem
with Netscape's browser.  To help troubleshoot this problem, I'd like to
decrypt the session and see what IE is sending as it communicates with
the server.  On netscape's site, there's a couple of traces which
capture and analyze the communication between the server and the
client.  For example,
http://home.netscape.com/eng/ssl3/traces/trc-clnt-us.html traces a
connection that uses client authentication and SSL_RSA_WITH_RC4_MD5 as
the ciphersuite.

The trace starts with the client hello and goes all the way through to
the close notify, and along the way it shows the client and server
random, the premaster secret, the master secret, the various keys
derived from the master secret, etc.  I'm able to get to the same point
analyzing one of my own traces, that is, I know both the public and
private RSA keys for my server, and I can get the pre master secret sent
from the client and use this and the other needed inputs to build the
various session keys.

When I go to do the RC4 decryption, however, I'm not seeing the expected
result.  For example, in the trace at netscape's site, the client write
key is: a2 1b 90 d1 ef 19 c5 1d b1 5d 4d 6c a7 9e b2 f7.  If I look at
the client's application data record and strip off the header (17 03 00
01 09), and then take the 265 (0x109) bytes of encrypted data and try
and do RC4 decryption, I'm not getting the original data back.  I'm
expecting to see 47 45 54 20 2f...  (i.e. GET /...).  Rather, I'm seeing
d4 14 82 81 7c... What do I need to do to properly decrypt this?  I've
included the code (RC4Trace.java) for  trying to decrypt the Netscape
example trace below.

Thanks in advance for any help you can provide.

Dave Rolin
drolin@bbn.com
-----
RC4Trace.java:

import java.math.BigInteger;
import iaik.security.rsa.*;
import iaik.security.provider.IAIK;
import javax.crypto.Cipher;
import java.security.MessageDigest;
import iaik.security.cipher.*;
import java.security.Key;
import javax.crypto.spec.SecretKeySpec;

public class RC4Trace {

  public static void main(String[] args) {

    IAIK.addAsProvider(true);

// The RC4 key data:
    byte[] key_data = {
            (byte)0xa2, (byte)0x1b, (byte)0x90, (byte)0xd1,
            (byte)0xef, (byte)0x19, (byte)0xc5, (byte)0x1d,
            (byte)0xb1, (byte)0x5d, (byte)0x4d, (byte)0x6c,
            (byte)0xa7, (byte)0x9e, (byte)0xb2, (byte)0xf7};

// The encrypted data:
    byte[] ciph_data = {
            (byte)0xc4, (byte)0x76, (byte)0x04, (byte)0x8a,
            (byte)0x19, (byte)0x9e, (byte)0x74, (byte)0xaf,
            (byte)0x29, (byte)0xc5, (byte)0x8c, (byte)0x1d,
            (byte)0x98, (byte)0xfe, (byte)0x2a, (byte)0x58,
            (byte)0x43, (byte)0x51, (byte)0xa5, (byte)0x57,
            (byte)0xb8, (byte)0xf1, (byte)0x8e, (byte)0x98,
            (byte)0x1b, (byte)0x47, (byte)0xfb, (byte)0xa4,
            (byte)0xb7, (byte)0x50, (byte)0xbb, (byte)0x0a,
            (byte)0x15, (byte)0xd2, (byte)0x04, (byte)0xec,
            (byte)0x6c, (byte)0x3a, (byte)0xf6, (byte)0x2e,
            (byte)0xb0, (byte)0xde, (byte)0xf6, (byte)0x46,
            (byte)0xdc, (byte)0xa3, (byte)0xec, (byte)0xb9,
            (byte)0x56, (byte)0x99, (byte)0x35, (byte)0xbe,
            (byte)0xc0, (byte)0x20, (byte)0xeb, (byte)0x99,
            (byte)0x8f, (byte)0xf1, (byte)0xa6, (byte)0xdc,
            (byte)0xa3, (byte)0xda, (byte)0x2b, (byte)0xf1,
            (byte)0xcd, (byte)0x03, (byte)0xb7, (byte)0x48,
            (byte)0x20, (byte)0x7c, (byte)0x91, (byte)0x64,
            (byte)0xf1, (byte)0x93, (byte)0x7e, (byte)0x0f,
            (byte)0x78, (byte)0xf3, (byte)0x72, (byte)0x66,
            (byte)0x4e, (byte)0x7a, (byte)0xea, (byte)0x55,
            (byte)0xff, (byte)0xd7, (byte)0x48, (byte)0x6a,
            (byte)0x7e, (byte)0x26, (byte)0x8c, (byte)0xe3,
            (byte)0x26, (byte)0xb9, (byte)0xf1, (byte)0x56,
            (byte)0x0d, (byte)0xa0, (byte)0x30, (byte)0x44,
            (byte)0x43, (byte)0x6c, (byte)0x21, (byte)0x90,
            (byte)0x4f, (byte)0x95, (byte)0x14, (byte)0x59,
            (byte)0x3d, (byte)0x0a, (byte)0x5d, (byte)0x14,
            (byte)0x4b, (byte)0xcb, (byte)0xa2, (byte)0x11,
            (byte)0x06, (byte)0x56, (byte)0x1e, (byte)0xbd,
            (byte)0xcd, (byte)0xad, (byte)0xdb, (byte)0xa3,
            (byte)0xc4, (byte)0x29, (byte)0x88, (byte)0x91,
            (byte)0xf5, (byte)0x46, (byte)0x2f, (byte)0xca,
            (byte)0xcc, (byte)0x5d, (byte)0xa4, (byte)0x27,
            (byte)0xa5, (byte)0x05, (byte)0x57, (byte)0xa4,
            (byte)0xbb, (byte)0xcd, (byte)0x2c, (byte)0xae,
            (byte)0x38, (byte)0x45, (byte)0xbb, (byte)0x35,
            (byte)0x94, (byte)0xfa, (byte)0x23, (byte)0xee,
            (byte)0x19, (byte)0xbc, (byte)0x78, (byte)0x49,
            (byte)0x1f, (byte)0x20, (byte)0x19, (byte)0xd1,
            (byte)0x2a, (byte)0xc9, (byte)0x2c, (byte)0xe5,
            (byte)0xdc, (byte)0x73, (byte)0x9c, (byte)0x87,
            (byte)0xa6, (byte)0x2a, (byte)0x76, (byte)0x4f,
            (byte)0x52, (byte)0x5a, (byte)0x7b, (byte)0x39,
            (byte)0xef, (byte)0xb0, (byte)0xa7, (byte)0x38,
            (byte)0x61, (byte)0x68, (byte)0x83, (byte)0x08,
            (byte)0xee, (byte)0x6c, (byte)0x3a, (byte)0xe7,
            (byte)0xf9, (byte)0xde, (byte)0xa9, (byte)0xb5,
            (byte)0x7a, (byte)0xcc, (byte)0xa4, (byte)0x7d,
            (byte)0x3e, (byte)0xf5, (byte)0x92, (byte)0xdf,
            (byte)0xf9, (byte)0xdd, (byte)0xf4, (byte)0xc4,
            (byte)0x2c, (byte)0x20, (byte)0xaa, (byte)0x5e,
            (byte)0x81, (byte)0x97, (byte)0x7e, (byte)0x9e,
            (byte)0xc7, (byte)0x29, (byte)0x29, (byte)0xfc,
            (byte)0xb2, (byte)0x24, (byte)0xe1, (byte)0x17,
            (byte)0x95, (byte)0xda, (byte)0xd9, (byte)0x28,
            (byte)0x1b, (byte)0x3f, (byte)0xd4, (byte)0xfb,
            (byte)0xcd, (byte)0x96, (byte)0xfa, (byte)0xa9,
            (byte)0x74, (byte)0x54, (byte)0xeb, (byte)0x37,
            (byte)0x50, (byte)0x33, (byte)0x7b, (byte)0x2e,
            (byte)0x93, (byte)0x27, (byte)0x66, (byte)0x43,
            (byte)0xb2, (byte)0xf1, (byte)0x23, (byte)0xb7,
            (byte)0x78, (byte)0x27, (byte)0x87, (byte)0x0d,
            (byte)0x58, (byte)0xb4, (byte)0x19, (byte)0x22,
            (byte)0x33, (byte)0x89, (byte)0xd1, (byte)0xc8,
            (byte)0xe5, (byte)0x6a, (byte)0xcd, (byte)0xb6,
            (byte)0x72};

// Set up an RC4 cipher and try to decrypt:
    try {
      SecretKeySpec key = new SecretKeySpec(key_data, "RAW");
      Cipher rc4 = Cipher.getInstance("RC4", "IAIK");
      rc4.init(Cipher.DECRYPT_MODE, key);
      byte[] plain_data = rc4.doFinal(ciph_data);

//Dump out the results in hex

    System.out.println("OK, here's plaintext");
    for (int i = 0; i < plain_data.length; i++) {
      int hex = plain_data[i];
      if (hex < 0) hex = 256 + hex;
      if (hex >= 16) System.out.print(Integer.toHexString(hex) + " ");
      else System.out.print("0" + Integer.toHexString(hex) + " ");
    }
    System.out.println("");

    } catch (Exception ex) {
        System.out.println("Caught an exception");
        ex.printStackTrace();
        System.exit(1);
    }
  }
}




--
Mailinglist-archive at http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-ssl/maillist.html

To unsubscribe send an email to listserv@iaik.tu-graz.ac.at with the folowing content: UNSUBSCRIBE iaik-ssl