3DES encryption with clear key - encryption

I'm trying to write a Cobol program with the following interface:
Objective
Receives a clear encryption key and a clear text and returns a cyphered text using the 3DES algorithm.
Inputs:
CLEAR_KEY: A 32-character string of hexadecimal characters to be used as the encryption key.
CLEAR_TEXT: A 16-character string.
Output:
CYPHERED_TEXT: A 16-character string.
I have access to DB2 and ICSF callable services.
I tried these three approaches:
Using CSNBSYE
77 CSNBSYE PIC X(7) VALUE 'CSNBSYE'.
01 CSNBSYE-PARAMETERS.
02 RETURN-CODE PIC 9(8) COMP.
02 REASON-CODE PIC 9(8) COMP.
02 EXIT-DATA-LENGTH PIC 9(8) COMP.
02 EXIT-DATA PIC X(32).
02 RULE-ARRAY-COUNT PIC 9(8) COMP.
02 RULE-ARRAY PIC X(8).
02 KEY-IDENTIFIER-LENGTH PIC 9(8) COMP.
02 KEY-IDENTIFIER PIC X(32).
02 KEY-PARMS-LENGTH PIC 9(8) COMP.
02 KEY-PARMS PIC X(32).
02 BLOCK-SIZE PIC 9(8) COMP.
02 INIT-VECTOR-LENGTH PIC 9(8) COMP.
02 INIT-VECTOR PIC X(8).
02 CHAIN-DATA-LENGTH PIC 9(8) COMP.
02 CHAIN-DATA PIC X(16).
02 CLEAR-TEXT-LENGTH PIC 9(8) COMP.
02 CLEAR-TEXT PIC X(16).
02 CYPHERED-TEXT-LENGTH PIC 9(8) COMP.
02 CYPHERED-TEXT PIC X(16).
02 OPTIONAL-DATA-LENGTH PIC 9(8) COMP.
02 OPTIONAL-DATA PIC X(32).
INITIALIZE CSNBSYE-PARAMETERS.
MOVE 1 TO RULE-ARRAY-COUNT.
MOVE 'DES ' TO RULE-ARRAY.
MOVE 16 TO KEY-IDENTIFIER-LENGTH.
MOVE '2DF65FD88EA9E17E3C66950387F91DE2' TO KEY-IDENTIFIER.
MOVE 8 TO BLOCK-SIZE
INIT-VECTOR-LENGTH.
MOVE ALL ZEROS TO INIT-VECTOR.
MOVE 16 TO CHAIN-DATA-LENGTH.
MOVE LOW-VALUES TO CHAIN-DATA.
MOVE 16 TO CLEAR-TEXT-LENGTH
CYPHERED-TEXT-LENGTH.
MOVE ALL ZEROS TO CLEAR-TEXT.
CALL CSNBSYE USING RETURN-CODE,
REASON-CODE,
EXIT-DATA-LENGTH,
EXIT-DATA,
RULE-ARRAY-COUNT,
RULE-ARRAY,
KEY-IDENTIFIER-LENGTH,
KEY-IDENTIFIER,
KEY-PARMS-LENGTH,
KEY-PARMS,
BLOCK-SIZE,
INIT-VECTOR-LENGTH,
INIT-VECTOR,
CHAIN-DATA-LENGTH,
CHAIN-DATA,
CLEAR-TEXT-LENGTH,
CLEAR-TEXT,
CYPHERED-TEXT-LENGTH,
CYPHERED-TEXT,
OPTIONAL-DATA-LENGTH,
OPTIONAL-DATA.
Using CSNBECO
77 CSNBECO PIC X(7) VALUE 'CSNBECO'.
01 CSNBECO-PARAMETERS.
02 RETURN-CODE PIC 9(8) COMP.
02 REASON-CODE PIC 9(8) COMP.
02 EXIT-DATA-LENGTH PIC 9(8) COMP.
02 EXIT-DATA PIC X(32).
02 CLEAR-KEY PIC X(32).
02 CLEAR-TEXT PIC X(16).
02 CYPHERED-TEXT PIC X(16).
INITIALIZE CSNBECO-PARAMETERS.
MOVE '2DF65FD88EA9E17E3C66950387F91DE2' TO CLEAR-KEY.
MOVE ALL ZEROS TO CLEAR-TEXT.
CALL CSNBSYE USING RETURN-CODE,
REASON-CODE,
EXIT-DATA-LENGTH,
EXIT-DATA,
CLEAR-KEY,
CLEAR-TEXT,
CYPHERED-TEXT.
Using DB2's ENCRYPT_TDES
01 WS.
02 CLEAR-TEXT PIC X(16).
02 CYPHERED-TEXT PIC X(16).
MOVE ALL ZEROS TO CLEAR-TEXT.
EXEC SQL
SELECT ENCRYPT_TDES(:CLEAR-TEXT, '2DF65FD88EA9E17E3C66950387F91DE2')
INTO :CYPHERED-TEXT
FROM SYSIBM.SYSDUMMY1
END-EXEC.
But none of these approaches returned the result I expected. The result I'm expecting is the same obtained from testing in this website: http://tripledes.online-domain-tools.com/ , with the following data:
Input type: Text
Input Text: 0000000000000000 (HEX)
Function: 3DES
Mode: CBC
Key: 2DF65FD88EA9E17E3C66950387F91DE2 (HEX)
Init Vector: 00 00 00 00 00 00 00 00
Encrypt!
Encrypted Text (result): 87 30 e1 ef 98 3d f2 b4 (HEX) | . 0 á ï = ò ´ (STRING)
My question is: how can I obtain the result above in a Cobol program, using any of the tools provided by IBM?
Thank you!

Most of your confusion seems to come from the fact that you mistake hex-strings for byte-values. E.g. you think you pass CSNBSYE a 16-byte key of '2DF65FD88EA9E17E3C66950387F91DE2'X while you are passing a 32-byte string starting with 'F2C4C6F6F5C6C429F8'X - i.e. the EBCDIC-representation of the characters you passed. To use actual hex-representation of the byte-values you have to append a X after the closing apostrophe of your literals.
Also note that moving ZERO into a PIC X item resulte in 'F0'X while using LOW-VALUE results in '00'.
Another point is that you seem to be comparing the 3DES results from the website with the DES results from CSNBECO or CSNBSYE - but they are different ciphers and so should return different results.
Last but not least ENCRYPT_TDES: this function is using 3DES but it does not accept a plain key. Instead the second argument is a password that is hashed to obtain the final encryption key.
So of your investigated alternatives it seems that only CSNBSYE is compatible with your requirements but you have to study its exact parameter-formats and usage.

I did it! The code was the following:
77 CT-cENC-ROUTINE PIC X(7) VALUE 'CSNBSYE'.
05 WS-ENC.
10 WS-ENC-nRETURN-CODE PIC 9(8) COMP.
10 WS-ENC-nREASON-CODE PIC 9(8) COMP.
10 WS-ENC-nEXIT-DATA-LENGTH PIC 9(8) COMP.
10 WS-ENC-cEXIT-DATA PIC X(4).
10 WS-ENC-nRULE-ARRAY-COUNT PIC 9(8) COMP.
10 WS-ENC-RULE-ARRAY.
15 WS-ENC-cRULE-ALGO PIC X(8).
10 WS-ENC-cKEY-IDENT-LENGTH PIC 9(8) COMP.
10 WS-ENC-cKEY-IDENT PIC X(32).
10 WS-ENC-nKEY-PARMS-LENGTH PIC 9(8) COMP.
10 WS-ENC-nKEY-PARMS PIC X(64).
10 WS-ENC-nBLOCK-SIZE PIC 9(8) COMP.
10 WS-ENC-nINIT-VECTOR-LENGTH PIC 9(8) COMP.
10 WS-ENC-cINIT-VECTOR PIC X(16).
10 WS-ENC-nCHAIN-DATA-LENGTH PIC 9(8) COMP.
10 WS-ENC-cCHAIN-DATA PIC X(32).
10 WS-ENC-nCLEAR-TEXT-LENGTH PIC 9(8) COMP.
10 WS-ENC-cCLEAR-TEXT PIC X(16).
10 WS-ENC-nCYPHER-TEXT-LENGTH PIC 9(8) COMP.
10 WS-ENC-cCYPHER-TEXT PIC X(16).
10 WS-ENC-nOPTIONAL-DATA-LENGTH PIC 9(8) COMP.
10 WS-ENC-cOPTIONAL-DATA PIC X(32).
INITIALIZE WS-ENC
MOVE 1 TO WS-ENC-nRULE-ARRAY-COUNT
MOVE 'DES' TO WS-ENC-cRULE-ALGO
EXEC SQL
SELECT VARCHAR_BIT_FORMAT('2DF65FD88EA9E17E3C66950387F91DE2')
INTO :WS-ENC-cKEY-IDENT
FROM SYSIBM.SYSDUMMY1
END-EXEC
MOVE 16 TO WS-ENC-cKEY-IDENT-LENGTH
MOVE 8 TO WS-ENC-nBLOCK-SIZE
WS-ENC-nINIT-VECTOR-LENGTH
MOVE ALL ZEROS TO WS-ENC-cINIT-VECTOR
MOVE LENGTH OF WS-ENC-cCHAIN-DATA
TO WS-ENC-nCHAIN-DATA-LENGTH
MOVE LOW-VALUES TO WS-ENC-cCHAIN-DATA
MOVE LENGTH OF WS-ENC-cCLEAR-TEXT
TO WS-ENC-nCLEAR-TEXT-LENGTH
WS-ENC-nCYPHER-TEXT-LENGTH
MOVE '0000000000000000' TO WS-ENC-cCLEAR-TEXT
CALL CT-cENC-ROUTINE USING WS-ENC-nRETURN-CODE,
WS-ENC-nREASON-CODE,
WS-ENC-nEXIT-DATA-LENGTH,
WS-ENC-cEXIT-DATA,
WS-ENC-nRULE-ARRAY-COUNT,
WS-ENC-RULE-ARRAY,
WS-ENC-cKEY-IDENT-LENGTH,
WS-ENC-cKEY-IDENT,
WS-ENC-nKEY-PARMS-LENGTH,
WS-ENC-nKEY-PARMS,
WS-ENC-nBLOCK-SIZE,
WS-ENC-nINIT-VECTOR-LENGTH,
WS-ENC-cINIT-VECTOR,
WS-ENC-nCHAIN-DATA-LENGTH,
WS-ENC-cCHAIN-DATA,
WS-ENC-nCLEAR-TEXT-LENGTH,
WS-ENC-cCLEAR-TEXT,
WS-ENC-nCYPHER-TEXT-LENGTH,
WS-ENC-cCYPHER-TEXT
WS-ENC-nOPTIONAL-DATA-LENGTH,
WS-ENC-cOPTIONAL-DATA
So, what was missing was: 1) Convert the 32-byte string of hexadecimal characters to it's 16-byte string representation. 2) The chain data size was made to be 32.

Related

How could I determine this checksum pattern?

Let's assume that I have 512-byte packets plus a 16-bit CRC at the end. I would like to determine what the CRC parameters are.
It's a Fujitsu chip, where I'm writing the the flash with a programmer, the programmer calculates the CRC for me, and I read out the CRC with an oscilloscope. I have the ability to check every possible combination.
My test messages are 512 zeros except for one byte that I set to the values 0 to 17 in decimal. The one byte is one of the first four or last two in the packet. Here are the resulting CRCs in hexadecimal, where the rows are the value of the byte, and the columns are which byte is set:
00 01 02 03 510 511
00 00 00 00 00 00 00
01 0x8108 0x0100 0x3020 0xC6B0 0xF1F0 0x8108
02 0x8318 0x0200 0x6040 0x0C68 0x62E8 0x8318
03 0x0210 0x0300 0x5060 0xCAD8 0x9318 0x0210
04 0x8738 0x0400 0xC080 0x18D0 0xC5D0 0x8738
05 0x0630 0x0500 0xF0A0 0xDE60 0x3420 0x0630
06 0x0420 0x0600 0xA0C0 0x14B8 0xA738 0x0420
07 0x8528 0x0700 0x90E0 0xD208 0x56C8 0x8528
08 0x8F78 0x0800 0x0008 0x31A0 0x0AA8 0x8F78
09 0x0E70 0x0900 0x3028 0xF710 0xFB58 0x0E70
10 0x0C60 0x0A00 0x6048 0x3DC8 0x6840 0x0C60
11 0x8D68 0x0B00 0x5068 0xFB78 0x99B0 0x8D68
12 0x0840 0x0C00 0xC088 0x2970 0xCF78 0x0840
13 0x8948 0x0D00 0xF0A8 0xEFC0 0x3E88 0x8948
14 0x8B58 0x0E00 0xA0C8 0x2518 0xAD90 0x8B58
15 0x0A50 0x0F00 0x90E8 0xE3A8 0x5C60 0x0A50
16 0x9FF8 0x1000 0x0010 0x6340 0x1550 0x9FF8
17 0x1EF0 0x1100 0x3030 0xA5F0 0xE4A0 0x1EF0
As you can see the first and last bytes give the same value. I tried several variations of CRC-16, but without much luck. The closet one was CRC-16 with polynomial 0x1021 and initial value 0.
The fact that every single CRC ends in 0 or 8 strongly suggests that it is not a 16-bit CRC, but rather a 13-bit CRC. Indeed, all of the sequences check against a 13-bit CRC with polynomial 0x1021 not reflected, initial value zero, and final exclusive-or zero.
We can't be sure about the initial value and final exclusive-or unless you can provide at least one packet with a length other than 512. With only examples of a single length, there are 8,191 other combinations of initial values and final exclusive-ors that would produce the exact same CRCs.

Decode Epson print (ESC-i) command decoding/encoding

I'm trying to understand the algorithm used for compression value = 1 with the Epson ESCP2 print command, "ESC-i". I have a hex dump of a raw print file which looks, in part, like the hexdump below (note little-endian format issues).
000006a 1b ( U 05 00 08 08 08 40 0b
units; (page1=08), (vt1=08), (hz1=08), (base2=40 0b=0xb40=2880)
...
00000c0 691b 0112 6802 0101 de00
esc i 12 01 02 68 01 01 00
print color1, compress1, bits1, bytes2, lines2, data...
color1 = 0x12 = 18 = light cyan
compress1 = 1
bits1 (bits/pixel) = 0x2 = 2
bytes2 is ??? = 0x0168 = 360
lines2 is # lines to print = 0x0001 = 1
00000c9 de 1200 9a05 6959
00000d0 5999 a565 5999 6566 5996 9695 655a fd56
00000e0 1f66 9a59 6656 6566 5996 9665 9659 6666
00000f0 6559 9999 9565 6695 9965 a665 6666 6969
0000100 5566 95fe 9919 6596 5996 5696 9666 665a
0000110 5956 6669 0456 1044 0041 4110 0040 8140
0000120 9000 0d00
1b0c 1b40 5228 0008 5200 4d45
FF esc # esc ( R 00 REMOTE1
The difficulty I'm having is how to decode the data, starting at 00000c9, given 2 bits/pixel and the count of 360. It's my understanding this is some form of tiff or rle encoding, but I can't decode it in a way that makes sense. The output was produced by gutenprint plugin for GIMP.
Any help would be much appreciated.
The byte count is not a count of the bytes in the input stream; it is a count of the bytes in the input stream as expanded to an uncompressed form. So when expanded, there should be a total of 360 bytes. The input bytes are interpreted as either a count of bytes to follow, if positive, in which case the count is the byte value +1; and if negative the count is a count of the number of times the immediately following byte should be expanded, again, +1. The 0D at the end is a terminating carriage return for the line as a whole.
The input stream is only considered as a string of whole bytes, despite the fact that the individual pixel/nozzle controls are only 2 bits each. So it is not really possible to use a repeat count for something like a 3-nozzle sequence; a repeat count must always specify a full byte 4-nozzle combination.
The above example then specifies:
0xde00 => repeat 0x00 35 times
0x12 => use the next 19 bytes as is
0xfd66 => repeat 0x66 4 times
0x1f => use the next 32 bytes as is
etc.

2 different 3DES (ede) keys giving same output while encryption

I have 2 different 3DES (ede) keys (meaning double length). I encrypted an 8-byte block using the keys and got the same output. Is this okay? Or is it rare? Is this even possible?
One thing I observed was key1 xor 0101....01 = key2. Can this be the reason. Is it like, for all such pairs of keys, 3DES works same? Also, are there any other such blocks (like 0101...01) which have the same effect?
example:
data: a21156bcdd00018a
key1: ff41777b3372b7817872b4b212f0c942
cipher text: 76 4f ab e0 2a e0 9b 11
key2: FE40767A3273B6807973B5B313F1C843
cipher text: 76 4f ab e0 2a e0 9b 11
and when data: 0000000000000000
ciphertext 1 = ciphertext 1 = 7adfa8ccbb7b3d29
basically, giving all same output.
Does this have to do something with 3DES algo?
Take a look at your keys in binary:
FF/FE 41/40 77/76 7B/7A 33/32 72/73 B7/B6 81/80
Key1 bit 0-63: 11111111 01000001 01110111 01111011 00110011 01110010 10110111 10000001
Key2 bit 0-63: 11111110 01000000 01110110 01111010 00110010 01110011 10110110 10000000
78/79 72/73 B4/B5 B2/B3 12/13 F0/F1 C9/C8 42/43
Key1 bit 64-127: 01111000 01110010 10110100 10110010 00010010 11110000 11001001 01000010
Key2 bit 64-127: 01111001 01110011 10110101 10110011 00010011 11110001 11001000 01000011
You might notice that they only differ on the last bit of each byte. This is a parity bit that ain't used by DES during encryption. From DES's point of view they are the same key.

Getting an error while trying to send SS command using USAT application

I'm trying to have a USIM perform call forwarding (a.k.a call redirection) using the proactive command SEND SS (TS 31.111 sections: 6.4.11, 8.14, etc.). Unfortunately I keep getting an error from the network which I can't understand.
I'm trying the following sequence:
ME->USIM: 8012000018 (FETCH from the ME toward UICC)
USIM->ME: 12 (procedure byte)
USIM->ME: D01681030411008202818305000909FFAA120A25556777B49000
D0 (proactive command) 16 (length)
81 (command details) 03 (length) 04 (command number) 11 (SEND SS) 00 (RFU)
82 (device identities) 02 (length) 81 (UICC) 83 (network)
05 (alpha identifier) 00 (length)
909FFAA120A25556777B4 (SS String = **21*0525576774#)
9000 (OK)
ME->USIM: 801400000D (Terminal response of size 0x0D)
USIM->ME: 14 (procedure byte)
ME->USIM: 81030411000202828103023424
81 (command details) 03 (length) 04 (command number) 11 (SEND SS) 00 (RFU)
02 (device identities) 02 (length) 82 (ME) 81 (UICC)
03 (Result) 02 (length) 34 (SS Return Error) 24 (???)
I can't figure out what '24' means.
Just to make sure I'm using a correct SS string, I activated CALL CONTROL on the USIM and dialed **21*0525576774# in the keypad. The result was as follows:
ME->UICC: 80C200001C (Envelope of length 0x1C)
UICC->ME: C2 (procedure byte)
ME->UICC: D41A020282810909FFAA120A25556777B4130924F51027D078CF0013
D4 (envelope) 1A (length)
02 (device identities) 02 (length) 82 (ME) 81 (UICC)
09 (send ss) 09 (length) FFAA120A25556777B4 (SS string)
13 (location information) 09 (length) 24F51027D078CF0013 (not relevant)
USIM->ME: 9000 (OK)
As you can see, the SS string is identical. When the ME sends it it seems to work (call forwarding is activated) yet when I try to send it from the UICC to the network I get the error '3424'.
I've searched through the specs (TS 31.111, TS 22.030 and even TS 24.080) but didn't find even the tiniest lead as to what I'm doing wrong.
Any help will be appreciated :)
Cheers,
Nir.
I think the problem occurs due to timer management(Action in contradiction with the current timer state) becouse
0x34-> Means SS Return Error
0x24-> Means Action in contradiction with the current timer state.

About MPEG-4 headers

I examined some MPEG-4 video headers and saw some byte arrays like below at the beginning:
00 00 01 B0 01 00 00 01 B5 89 13
I know 00 00 01 parts but what exactly B0 B1 and B5 89 13 parts mean? Actually, if I put this byte array infront of an MPEG-4 stream, it works fine.
But I don't know if those values works with different mpeg-4 stream sources ?
0x000001B0 -> Visual Object Sequence Start (VOSS) Code
0x000001B5 -> Visual Object Start (VOS) Code
You can find the complete MPEG-4 elementary video header details at "ISO/IEC 14496-2" documentation. Here are the details you asked for.
Visual Object Sequence Start (VOSS) Code
-> 4 bytes visual object sequence start code = long hex value of 0x000001B0
-> 8 bits profile/level indicator = 1 byte unsigned number
Visual Object Start (VOS) Code
-> 4 bytes visual object start code = long hex value of 0x000001B5
-> 1 bit has id marker flag = 1/4 nibble flag
_ID_Marker_Section_
-> 4 bits version id = 1 nibble unsigned value - only if marker is true
- version id types are ISO 14496-2 = 1
-> 3 bits visual object priority = 3/4 nibble unsigned value - only if marker is true
- priorities are 1 through to 7
-> 4 bits visual object type = 1 nibble unsigned value
- types are video = 1 ; still texture = 2 ; mesh = 3 ; face = 4
-> 1 bit video signal type = 1/4 nibble flag
- NOTE: if this is false Y has a sample range of 16 through to 235

Resources