Decrypting data from DefaultEncryptorWithMAC

642 views Asked by At

When using DefaultEncryptorWithMAC in CryptoPP at it's heart it seems to use this Mash Function

// The purpose of this function Mash() is to take an arbitrary length input
// string and *deterministicly* produce an arbitrary length output string such
// that (1) it looks random, (2) no information about the input is
// deducible from it, and (3) it contains as much entropy as it can hold, or
// the amount of entropy in the input string, whichever is smaller.

static void Mash(const byte *in, size_t inLen, byte *out, size_t outLen, int iterations)
{
    if (BytePrecision(outLen) > 2)
        throw InvalidArgument("Mash: output legnth too large");

    size_t bufSize = RoundUpToMultipleOf(outLen, (size_t)DefaultHashModule::DIGESTSIZE);
    byte b[2];
    SecByteBlock buf(bufSize);
    SecByteBlock outBuf(bufSize);
    DefaultHashModule hash;

    unsigned int i;
    for(i=0; i<outLen; i+=DefaultHashModule::DIGESTSIZE)
    {
        b[0] = (byte) (i >> 8);
        b[1] = (byte) i;
        hash.Update(b, 2);
        hash.Update(in, inLen);
        hash.Final(outBuf+i);
    }

    while (iterations-- > 1)
    {
        memcpy(buf, outBuf, bufSize);
        for (i=0; i<bufSize; i+=DefaultHashModule::DIGESTSIZE)
        {
            b[0] = (byte) (i >> 8);
            b[1] = (byte) i;
            hash.Update(b, 2);
            hash.Update(buf, bufSize);
            hash.Final(outBuf+i);
        }
    }

    memcpy(out, outBuf, outLen);
}

According to this page http://www.cryptopp.com/wiki/DefaultEncryptorWithMAC

DefaultEncryptorWithMAC uses 2-key Triple DES as the default encryptor, and SHA1 as the default hash for the MAC. The block cipher is operated in CBC Mode. The password is mashed rather than derived using a Password Based Key Derivation Function. Each run through the DefaultEncryptorWithMAC produces a different result due to the use of a salt based on time and clock.

I'm trying to read this encrypted string with another library and am really struggling ie do the equivalent operation of DefaultDecryptorWithMAC (http://www.cryptopp.com/wiki/DefaultDecryptorWithMAC)

If I put my secret key through and online SHA1 encrypted I don't get the same result as the Mash function above ?

According to the above webpage it seems to suggest it's using standard encryption techiques I have been unable to decry-pt the result with anything else

Hopefully someone here has experience decrypting the result of these function from this library

Thanks in advance

1

There are 1 answers

6
jww On

From the comments:

I obviously know the secret key the whole salt/clock/mashing thing is making it almost impossible for me to decrypt a string that has been encrypted with the above method.

If you look at the code for DefaultEncryptorWithMAC (h file and cpp file), you will see that the output has more stuff than just the data encrypted under a mashed password. So its not enough to derive the "secret key" in the mash function and key the DES_EDE2 cipher and operate it in CBC mode.

Looking at the function DefaultEncryptor::FirstPut (which inherits from ProxyFilter) on line 83, there is preamble written. The preamble is the salt and a key check. So the layout of the encrypted data is:

[SALT][KEYCHECK][ENCRYPTED DATA]

SALT is calculated based on DefaultHashModule::DIGESTSIZE; but only 8 bytes is written. Then, the KEYCHECK is calculated based on DefaultHashModule::DIGESTSIZE; but only Default_BlockCipher::Encryption::BLOCKSIZE is written.

When it comes time to decrypt, you strip off the salt and use it to re-derive the IV. You strip off the key check and validate the key you derived. Then you key a decryptor with the derived key and iv.