Question about DES encryption in python_问答_开发者

I am trying to create an LM/NTLM response for which I require encrypting the challenge sent by server using DES algorithm

The following is what I did:

from M2Crypto.EVP import Cipher

def encryptChallenge(magic, key):  
    str_key = ""  
    for iter1 in key:  
        str_key = str_key + chr(iter1)  

    encrypt = 1
    cipher = Cipher(alg='des_ede_ecb', key=str_key, op=encrypt, iv='\0'*16)
    ciphertext = cipher.update(magic)
    ciphertext += cipher.final()

    return ciphertext

However when I try encrypting "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" using DES, I get the following result:

Key used to encrypt: ['0xfe', '0x9b', '0xd5', '0x16', '0xcd', '0x15', '0xc8', '0x49']

Challenge after encryption:

 Encrypted_server_challenge_using_key_1 : ['0x66', '0xf7', '0xa', '0xf8', '0xda', '0x4e', '0x7', '0xaa', '0x65', '0xc3', '0x8d', '0xaa', '0x48', '0xcc', '0x67', '0x57', '0xe2', '0xb0', '0x6e', '0x10', '0xb', '0x5e', '0xdd', '0xb4']

The above response was not accepted by the server

Tried using a tool called DEScalc.jar (http://www.unsw.adfa.edu.au/~lpb/src/DEScalc/index.html) and found that the encrypted result is:

setKey(fe9bd516cd15c849)
encryptDES(0123456789abcdef)
  IP:   L0=cc00ccff, R0=f0aaf0aa
  Rnd1  f(R0=f0aaf0aa, SK1=0b 2c 23 12 3开发者_开发问答3 1c 2b 09 ) = 988995a0
  Rnd2  f(R1=5489595f, SK2=21 15 0d 11 1c 1a 3b 38 ) = 63200664
  Rnd3  f(R2=938af6ce, SK3=01 35 2f 05 3e 19 30 1f ) = c206c318
  Rnd4  f(R3=968f9a47, SK4=06 37 07 01 03 37 1a 3e ) = bdf738ef
  Rnd5  f(R4=2e7dce21, SK5=06 14 17 29 0f 17 27 25 ) = 76c68d3d
  Rnd6  f(R5=e049177a, SK6=34 14 06 0d 28 2c 23 37 ) = c182a1c7
  Rnd7  f(R6=efff6fe6, SK7=04 18 2e 05 31 3a 3e 17 ) = c3e45497
  Rnd8  f(R7=23ad43ed, SK8=04 13 22 27 2f 30 1f 19 ) = 4977a92c
  Rnd9  f(R8=a688c6ca, SK9=12 0a 38 0c 3d 33 19 26 ) = 4975507e
  Rnd10 f(R9=6ad81393, SK10=10 0b 30 1e 1f 08 2f 2e ) = d52a9361
  Rnd11 f(R10=73a255ab, SK11=19 0a 31 22 05 0f 33 1f ) = 38b2a619
  Rnd12 f(R11=526ab58a, SK12=38 2e 30 22 1b 3b 13 31 ) = e9dec064
  Rnd13 f(R12=9a7c95cf, SK13=3a 0a 1c 12 2a 3e 35 2b ) = d88ee399
  Rnd14 f(R13=8ae45613, SK14=19 09 18 1b 0b 2d 3c 16 ) = 9de6ddb2
  Rnd15 f(R14=079a487d, SK15=19 39 01 12 37 14 17 36 ) = 5fb60a90
  Rnd16 f(R15=d5525c83, SK16=24 05 0d 39 31 1f 2d 34 ) = 6a40b6ea
  FP:   L=c337cd5c, R=bd44fc97
 returns c337cd5cbd44fc97

Noticed that the above result is accepted by the server

Is there a specific algorithm that is used by DEScalc.jar which I am missing, because of which I don't get the results obtained by DEScalc.jar

Hi Everyone, Thanks a lot for your help; The issue was with the way I represented the hexadecimal in python; I used the following function to convert "0123456789abcdef" to hex representation as Keith mentioned and it worked:

def HexToByte( hexStr ):
    """
    Convert a string hex byte values into a byte string. The Hex Byte values may
    or may not be space separated.
    """
    # The list comprehension implementation is fractionally slower in this case    
    #
    #    hexStr = ''.join( hexStr.split(" ") )
    #    return ''.join( ["%c" % chr( int ( hexStr[i:i+2],16 ) ) \
    #                                   for i in range(0, len( hexStr ), 2) ] )

    bytes = []

    hexStr = ''.join( hexStr.split(" ") )

    for i in range(0, len(hexStr), 2):
        bytes.append( chr( int (hexStr[i:i+2], 16 ) ) )

    return ''.join( bytes )

Thanks a lot

The problem here is in your source (plaintext) string. You have each character expanded to two bytes, instead of one byte. The Java program will take the input "0123456789abcdef", and use internally the hex string of that. Using pycrypto and a properly encoded plaintext I get this.

Python2> from Crypto.Cipher import DES
Python2> key
'\xfe\x9b\xd5\x16\xcd\x15\xc8I'
Python2> pw
'\x01#Eg\x89\xab\xcd\xef'
Python2> eng = DES.new(key, DES.MODE_ECB, "\0"*8)
Python2> hexdigest(eng.encrypt(pw))
'c337cd5cbd44fc97'

Which you can see is the same as the Java code.

Are you sure you need to use DES-EDE-ECB?

EDE means that you're actually using Triple DES: you run DES three times (with three different keys), and EDE means that you encrypt-decrypt-encrypt (each time with a different key).

But it sounds like you should just be using plain DES ('des_ecb').