SKIPJACK encryption gives wrong result #824

Closed
Namilk18 opened this issue Apr 26, 2019 · 5 comments

Namilk18 commented Apr 26, 2019

    std::string result_str;
    CryptoPP::CBC_Mode<CryptoPP::SKIPJACK>::Encryption e;
    CryptoPP::byte key[10] = { 0x00, 0x99, 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11 };
    CryptoPP::byte plain[8] = { 0x33, 0x22, 0x11, 0x00, 0xdd, 0xcc, 0xbb, 0xaa };
    d.SetKey(key, sizeof(key));
    std::string input(reinterpret_cast<char*>(plain), 8);
    CryptoPP::StringSource s(input, true, 
      new CryptoPP::StreamTransformationFilter(e,
        new CryptoPP::StringSink(result_str)
      ) // StreamTransformationFilter
    ); // StringSource

    std::string hex_result;
    CryptoPP::StringSource(result_str, true,
      new CryptoPP::HexEncoder(
        new CryptoPP::StringSink(hex_result)
      ) // HexEncoder
    ); // StringSource
    std::cout<<hex_result<<std::endl;

I know that correct result cipher should be "2587CAE27A12D30069E1B7CA26BD2646".
But above code is giving me "C3069674579678B3864BEBE40220757B", which is quite different.
I am using Crypto++ 8.0 version now.

Collaborator

noloader commented Apr 26, 2019

> I know that correct result cipher should be "2587CAE27A12D30069E1B7CA26BD2646".
> But above code is giving me "C3069674579678B3864BEBE40220757B", which is quite different.

>     d.SetKey(key, sizeof(key));

You need to set an IV with CBC mode. Use SetKeyWithIV().

Collaborator

noloader commented Apr 27, 2019

> I know that correct result cipher should be "2587CAE27A12D30069E1B7CA26BD2646".
> But above code is giving me "C3069674579678B3864BEBE40220757B", which is quite different.

> You need to set an IV with CBC mode.

It looks like something may be wrong here. Reopening. (You still need an IV with CBC mode).

@noloader noloader reopened this Apr 27, 2019
Collaborator

noloader commented Apr 27, 2019

OK, after some research:

  1. Schneier has page on SKIPJACK at https://www.schneier.com/crypto-gram/archives/1998/0715.html#skip
  2. Schneier says ref impl at ftp://ftp.funet.fi/pub/crypt/cryptography/symmetric/skipjack
  3. Ref impl has an original/unoptimized version at ftp://ftp.funet.fi/pub/crypt/cryptography/symmetric/skipjack/skipjack-orig.c
  4. Ref impl has an optimized version at ftp://ftp.funet.fi/pub/crypt/cryptography/symmetric/skipjack/skipjack.c
  5. NIST no longer provides encryption transform at https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/block-ciphers#Skipjack
  6. NIST provides decryption transform for interop at https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/block-ciphers#Skipjack
  7. The earliest NIST doc I could find on the Wayback machine: SKIPJACK and KEA Algorithm Specifications

For item (3), Ref Impl (original), it arrives at the result 2587CAE27A12D30.

For item (6), NIST decryption, the controlling document is SP800-17, Modes of Operation Validation System (MOVS): Requirements and Procedures. It has test vectors but it is not easy to parse.

I've tested (a) Crypto++, (b) Botan, (c) Ref Impl (original) and (d) Ref Impl (optimized). All of them arrive at different results.

I think the way forward is, find which algorithm arrives at the NIST test vector and use it. I suspect it is going to be Ref Impl (original). I will know shortly.

Collaborator

noloader commented Apr 27, 2019

> I think the way forward is, find which algorithm arrives at the NIST test vector and use it. I suspect it is going to be Ref Impl (original). I will know shortly.

So it looks like Crypto++ arrives at the Known Answers from SP800-17 (in particular, Table 6, pp. 140-42). Botan also arrives at the known answers from NIST.

Here's the first known answer test from the SP800-17 table. You can find additional known answer tests at TestVectors/skipjack.txt.

    key: 80 00 00 00 00 00 00 00 00 00
    plain: 00 00 00 00 00 00 00 00
    cipher: 7a 00 e4 94 41 46 1f 5a

I don't know the difference between NIST algorithm/Crypto++ code and Panu Rissanen's implementation. I asked Wei if he recalled the difference or variations over chat, but he did not recall the details from that time.

If you need to add the block cipher with Panu Rissanen's implementation, then copy/paste the code in skipjack.h and skipjack.cpp. Give it a new class name like SkipjackOrig. Then, copy-in Rissanen's code.

I'm going to close this report. I will be adding test vectors and updating the docs.

Collaborator

noloader commented Apr 27, 2019

@Zungong,

I added a new wiki page at SKIPJACK. It documents what we found in this bug report. I also added first class test vectors at TestVectors/skipjack.txt. It should save the next person the trouble you experienced.

You can use the test vectors with the Crypto++ test program:

    $ ./cryptest.exe tv skipjack
    Using seed: 1556389914

    Testing SymmetricCipher algorithm SKIPJACK/ECB.
    ................................................................................
    Testing SymmetricCipher algorithm SKIPJACK/CBC.
    ................................................................................
    Tests complete. Total tests = 160. Failed tests = 0.

If you figure out the difference in implementations, then please let me know. I will add it to the wiki article. I asked a question at Difference in SKIPJACK algorithms, but it may go unanswered.

guidovranken added a commit to guidovranken/cryptofuzz that referenced this issue Nov 9, 2020