From: Damien Lucifer <root@HellSpawn>
Date: Sat, 24 Aug 1996 01:27:42 +0800
To: cypherpunks@toad.com
Subject: ctcp.0.9
Message-ID: <Pine.LNX.3.91.960823093958.882A-100000@HellSpawn>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

This is a program i found on unimi that offers secure socket connections, 
utilitizing a simple server/client. It can be installed without root 
priveledges and uses d/h for key transfers. Anyone looked this package 
over, and if so what is your oppinion about it? 

Included below is the THEORY file that describes the key exchange:



The encryption negotiation is performed using a protocol similar to
FTP/SMTP/NNTP.  The client sends commands to the server and the server
returns a four-digit response code.  Unless stated otherwise, all numbers
in this document are hexadecimal with the most significant byte first.

When a connection is initiated, the server should send a 2000 response
indicating that it is ready to accept commands.

Commands:

DH3DES - Diffie-Hellman Key exchange followed by Triple-DES encryption
      If supported, 3001 is returned.
      The following commands are then expected:

MOD - If an argument is supplied, it is the number, in hexadecimal, to use
      as the modulus.
      Responses:
       2210 - okay
       4031 - invalid number
       4032 - too small
       4033 - too large
      If no argument is given, the server should supply the modulus, sending
      2211 followed by the modulus.  If the server is unable to supply a
      modulus, 4034 should be returned.

GEN - this should follow MOD.  The generator to use.  The format is the same
      as that of the MOD command. The response codes are 2210, 2211, 4031
      or 4034

EXCH - Key exchange
      Client sends exch followed by gen raised to hir secret exponent.
      Server sends 4030 if a gen/mod has not been agreed upon.
      otherwise 2212 followed by gen raised to its exponent

ENCR - Begin encrypted Session
       
       4020 - No key selected for encryption
       2300 - Encrypted session begin

LPORT xxxx - this command takes a 16-bit hexadecimal port number argument,
      and connects to the specified TCP port on the local host.
      Responses:
       2400 - connected
       4010 - Unable to connect
       4011 - Access denied

RPORT xxxxxxxxxxxx - Connect to remote port
      The argument to this command is a 48-bit hexadecimal number representing
      the IP address and port number to connect to.  The response should be
      first 2500, then when the connection has been attempted:
       2400 - connected
       4010 - Unable to connect
       4011 - Access denied

QUIT - quit
      Response: 2100 - Goodbye


Summary of error codes:

1xxx - informational messages
10xx - server is supplying additional information that the client may
       ignore.
11xx - server is responding to a client's request for information
2xxx - okay
20xx - Server is ready
21xx - Disconnect, goodbye
22xx - Command okay
23xx - Encrypted session begins now
24xx - Session with another service begins now
25xx - Command ok, operation in progress, please wait
3xxx - ok so far, send the rest
4xxx - command was okay but could not be processed
5xxx - command not understood or not implemented


Triple-DES 

The triple DES encryption uses output feedback exclusive-ored with a
non-sequential counter.  There are three counters, each of which is
exclusive-ored with the data block before encryption with the
corresponding key.  The counters are incremented in each round by a
shared, secret value which is part of the total key.  The result of
each round of encryption is exclusive-ored with the data stream.

I0 ------          -----
         |        |     |
I1 ----- | ---A1------- | --->
     \   |        | \   |
      --XOR       |  --XOR
         |        |     |
         E1       |     E1
         |        |     |
I2 ----- | ---A2------- | --->
     \   |        | \   |
      --XOR       |  --XOR
         |        |     |
         E2       |     E2
         |        |     |
I3 ----- | ---A3------- | --->
     \   |        | \   |
      --XOR       |  --XOR       
         |        |     |        
         E3-------^     E3-------^
         |              |
         v              v
       XOR with data stream

I0 - Initialization Vector
I1 - Initialization of counter 1
I2 - Initialization of counter 2
I3 - Initialization of counter 3
E1 - Encryption with Key 1
E2 - Encryption with Key 2
E3 - Encryption with Key 3
A1 - Add increment value 1
A2 - Add increment value 2
A3 - Add increment value 3


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMh219rGlo8DEMb2JAQEzWgP/VpcWiL8+UN+7l7wCtUr6N5Bk4iqG5fYq
Jb9ImvVA3h2k8cGz/ETBQW/3H9GA9jCsqzLrgcUewAa8CgdmhPoVE04e2scAxp4l
y2peJlQmakCl2RCKHJZPTTaOLnsBU4NCZxwW8Q4xeUb0KBYfiW9XeULleyhhfsO2
n7XYpc4XhaY=
=vGhK
-----END PGP SIGNATURE-----