You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
Openssl lua library doesnt generate the expected encrypted message for "aes-128-cfb" cypher compared to OS openssl (see evidence). It works perfectly for "des-cbc".
I tried to be as minimalistic/representative as possible with the examples, I have scripts/full example if needed.
Im 100% confident the expected encrypted messages are right, based on wireshark encrypted/decrypted messages. I have those if needed also.
Just in case, padding is not added in AES-128-CFB bc is not needed (anyway doesn't works). Im following rfc3414/rfc3826 to implement this.
To Reproduce
--- AES-128-CFB ---
NSE Script
local scopedPdu = stdnse.fromhex("3025040580003a8c040400a11a020430830404020100020100300c300a06062b06010201010500")
local encryptionKey = stdnse.fromhex("626f1f3a9cc13f35d01098c5777cb767")
local iv = stdnse.fromhex("0000000000000000dd7dd2201e33213a")
local encrypted = openssl.encrypt("aes-128-cfb", encryptionKey, iv, scopedPdu)
stdnse.pretty_printer(stdnse.tohex(encrypted))
-- "21a75f66bd6080670afd20ac1d505a38c58299d7058caab0210031f6459dce4b882690e92e6075"
-- expected
-- "1f363c2d3513423fee7c80090ca7bc48cc2611f8350023c6076f88029b094fc6ae2e13a139b698"
As you can see Lua differs from expected, see below openssl run from OS and is OK.
local scopedPdu = stdnse.fromhex("3017040580003a8c040400a00c020275de0201000201003000")
local encryptionKey = stdnse.fromhex("626f1f3a9cc13f35")
local iv = stdnse.fromhex("d01098c489e3fbdc")
local encrypted = openssl.encrypt("des-cbc", encryptionKey, iv, scopedPdu, true)
stdnse.pretty_printer(stdnse.tohex(encrypted))
-- "14eb64bed368ec8dfb7fcc2f8ea4a5f1b7f295eaea4d567a5d90d33cd52257e3"
-- expected
-- "14eb64bed368ec8dfb7fcc2f8ea4a5f1b7f295eaea4d567a5d90d33cd52257e3"
Describe the bug
Openssl lua library doesnt generate the expected encrypted message for "aes-128-cfb" cypher compared to OS openssl (see evidence). It works perfectly for "des-cbc".
I tried to be as minimalistic/representative as possible with the examples, I have scripts/full example if needed.
Im 100% confident the expected encrypted messages are right, based on wireshark encrypted/decrypted messages. I have those if needed also.
Just in case, padding is not added in AES-128-CFB bc is not needed (anyway doesn't works). Im following rfc3414/rfc3826 to implement this.
To Reproduce
--- AES-128-CFB ---
NSE Script
As you can see Lua differs from expected, see below openssl run from OS and is OK.
OpenSSL
--- DES-CBC ---
NSE Script
As you can see Lua works fine and OpenSSL also.
OpenSSL
Expected behavior
As i mentioned, the expected messages are in the above examples.
Version info (please complete the following information):
Ubuntu 20 LTS
nmap --version
:nmap --iflist
The text was updated successfully, but these errors were encountered: