OpenSSL Lua library not working as expected with aes-128-cfb #2640
Description
Describe the bug
Openssl lua library doesnt generate the expected encrypted message for "aes-128-cfb" cypher compared to OS openssl (see evidence). It works perfectly for "des-cbc".
I tried to be as minimalistic/representative as possible with the examples, I have scripts/full example if needed.
Im 100% confident the expected encrypted messages are right, based on wireshark encrypted/decrypted messages. I have those if needed also.
Just in case, padding is not added in AES-128-CFB bc is not needed (anyway doesn't works). Im following rfc3414/rfc3826 to implement this.
To Reproduce
--- AES-128-CFB ---
NSE Script
local scopedPdu = stdnse.fromhex("3025040580003a8c040400a11a020430830404020100020100300c300a06062b06010201010500")
local encryptionKey = stdnse.fromhex("626f1f3a9cc13f35d01098c5777cb767")
local iv = stdnse.fromhex("0000000000000000dd7dd2201e33213a")
local encrypted = openssl.encrypt("aes-128-cfb", encryptionKey, iv, scopedPdu)
stdnse.pretty_printer(stdnse.tohex(encrypted))
-- "21a75f66bd6080670afd20ac1d505a38c58299d7058caab0210031f6459dce4b882690e92e6075"
-- expected
-- "1f363c2d3513423fee7c80090ca7bc48cc2611f8350023c6076f88029b094fc6ae2e13a139b698"
As you can see Lua differs from expected, see below openssl run from OS and is OK.
OpenSSL
echo -n 3025040580003a8c040400a11a020430830404020100020100300c300a06062b06010201010500 | xxd -r -p | openssl enc -aes-128-cfb -K 626f1f3a9cc13f35d01098c5777cb767 -iv 0000000000000000dd7dd2201e33213a -nopad | xxd -p
1f363c2d3513423fee7c80090ca7bc48cc2611f8350023c6076f88029b09
4fc6ae2e13a139b698
--- DES-CBC ---
NSE Script
local scopedPdu = stdnse.fromhex("3017040580003a8c040400a00c020275de0201000201003000")
local encryptionKey = stdnse.fromhex("626f1f3a9cc13f35")
local iv = stdnse.fromhex("d01098c489e3fbdc")
local encrypted = openssl.encrypt("des-cbc", encryptionKey, iv, scopedPdu, true)
stdnse.pretty_printer(stdnse.tohex(encrypted))
-- "14eb64bed368ec8dfb7fcc2f8ea4a5f1b7f295eaea4d567a5d90d33cd52257e3"
-- expected
-- "14eb64bed368ec8dfb7fcc2f8ea4a5f1b7f295eaea4d567a5d90d33cd52257e3"
As you can see Lua works fine and OpenSSL also.
OpenSSL
echo -n 3017040580003a8c040400a00c020275de0201000201003000 | xxd -r -p | openssl enc -des-cbc -K 626f1f3a9cc13f35 -iv d01098c489e3fbdc | xxd -p
14eb64bed368ec8dfb7fcc2f8ea4a5f1b7f295eaea4d567a5d90d33cd522
57e3
Expected behavior
As i mentioned, the expected messages are in the above examples.
Version info (please complete the following information):
- OS:
Ubuntu 20 LTS - Output of
nmap --version:
Nmap version 7.93 ( https://nmap.org )
Platform: x86_64-redhat-linux-gnu
Compiled with: nmap-liblua-5.3.6 openssl-3.0.5 nmap-libssh2-1.10.0 nmap-libz-1.2.12 nmap-libpcre-7.6 nmap-libpcap-1.10.1 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select
- Output of
nmap --iflist
Starting Nmap 7.93 ( https://nmap.org ) at 2023-05-10 23:24 -03
************************INTERFACES************************
DEV (SHORT) IP/MASK TYPE UP MTU MAC
lo (lo) 127.0.0.1/8 loopback up 65536
lo (lo) ::1/128 loopback up 65536
enp2s0f0 (enp2s0f0) (none)/0 ethernet up 1500 84:A9:38:97:F8:9A
enp5s0 (enp5s0) (none)/0 ethernet up 1500 84:A9:38:97:F8:99
wlp3s0 (wlp3s0) 192.168.88.10/24 ethernet up 1500 E0:0A:F6:51:AD:89
wlp3s0 (wlp3s0) fe80::9e1c:5f54:2dc4:bf79/64 ethernet up 1500 E0:0A:F6:51:AD:89
enxf8ce720a583a (enxf8ce720a583a) (none)/0 ethernet up 1500 F8:CE:72:0A:58:3A
br-8e597b0711e4 (br-8e597b0711e4) 172.19.0.1/16 ethernet up 1500 02:42:5F:E5:49:81
br-8e597b0711e4 (br-8e597b0711e4) fe80::42:5fff:fee5:4981/64 ethernet up 1500 02:42:5F:E5:49:81
docker0 (docker0) 172.17.0.1/16 ethernet up 1500 02:42:99:80:05:B3
docker0 (docker0) fe80::42:99ff:fe80:5b3/64 ethernet up 1500 02:42:99:80:05:B3
br-fb8efe4686e8 (br-fb8efe4686e8) 172.29.0.1/16 ethernet up 1500 02:42:3C:04:0C:65
vethbdd09b7 (vethbdd09b7) (none)/0 ethernet up 1500 E2:FF:4A:AE:18:FE
vethbdd09b7 (vethbdd09b7) fe80::e0ff:4aff:feae:18fe/64 ethernet up 1500 E2:FF:4A:AE:18:FE
tun0 (tun0) 172.16.0.173/24 point2point up 1500
tun0 (tun0) fe80::316e:f254:284d:caa3/64 point2point up 1500
br-62095ea4b43a (br-62095ea4b43a) 172.21.0.1/16 ethernet up 1500 02:42:A5:CD:64:B3
br-62095ea4b43a (br-62095ea4b43a) fe80::42:a5ff:fecd:64b3/64 ethernet up 1500 02:42:A5:CD:64:B3
vethabfa40d (vethabfa40d) (none)/0 ethernet up 1500 CE:D0:BD:EB:10:65
vethabfa40d (vethabfa40d) fe80::ccd0:bdff:feeb:1065/64 ethernet up 1500 CE:D0:BD:EB:10:65
veth3d41eb9 (veth3d41eb9) (none)/0 ethernet up 1500 B2:0A:7E:7C:83:54
veth3d41eb9 (veth3d41eb9) fe80::b00a:7eff:fe7c:8354/64 ethernet up 1500 B2:0A:7E:7C:83:54
vetha13f819 (vetha13f819) (none)/0 ethernet up 1500 C2:22:33:26:DB:9F
vetha13f819 (vetha13f819) fe80::c022:33ff:fe26:db9f/64 ethernet up 1500 C2:22:33:26:DB:9F
veth1a669be (veth1a669be) (none)/0 ethernet up 1500 92:09:82:FA:23:DD
veth1a669be (veth1a669be) fe80::9009:82ff:fefa:23dd/64 ethernet up 1500 92:09:82:FA:23:DD
vethbd1eeaa (vethbd1eeaa) (none)/0 ethernet up 1500 D2:6B:71:B2:E7:45
vethbd1eeaa (vethbd1eeaa) fe80::d06b:71ff:feb2:e745/64 ethernet up 1500 D2:6B:71:B2:E7:45
vethb5fe6a1 (vethb5fe6a1) (none)/0 ethernet up 1500 E6:DE:E0:43:8C:DD
vethb5fe6a1 (vethb5fe6a1) fe80::e4de:e0ff:fe43:8cdd/64 ethernet up 1500 E6:DE:E0:43:8C:DD
veth0ed80b7 (veth0ed80b7) (none)/0 ethernet up 1500 4E:EE:6B:3A:1E:F9
veth0ed80b7 (veth0ed80b7) fe80::4cee:6bff:fe3a:1ef9/64 ethernet up 1500 4E:EE:6B:3A:1E:F9
vethca6a032 (vethca6a032) (none)/0 ethernet up 1500 86:A3:2C:49:01:6E
vethca6a032 (vethca6a032) fe80::84a3:2cff:fe49:16e/64 ethernet up 1500 86:A3:2C:49:01:6E
vetha3a137b (vetha3a137b) (none)/0 ethernet up 1500 36:8B:2B:0A:53:F6
vetha3a137b (vetha3a137b) fe80::348b:2bff:fe0a:53f6/64 ethernet up 1500 36:8B:2B:0A:53:F6
vethafe6a14 (vethafe6a14) (none)/0 ethernet up 1500 4A:EA:90:66:27:63
vethafe6a14 (vethafe6a14) fe80::48ea:90ff:fe66:2763/64 ethernet up 1500 4A:EA:90:66:27:63
**************************ROUTES**************************
DST/MASK DEV METRIC GATEWAY
54.172.125.238/32 wlp3s0 600 192.168.88.1
192.168.88.1/32 wlp3s0 600
10.0.0.0/24 tun0 50 172.16.0.1
10.0.1.0/24 tun0 50 172.16.0.1
10.0.2.0/24 tun0 50 172.16.0.1
10.0.128.0/24 tun0 50 172.16.0.1
10.0.129.0/24 tun0 50 172.16.0.1
10.0.130.0/24 tun0 50 172.16.0.1
172.16.0.0/24 tun0 50
192.168.88.0/24 wlp3s0 600
10.10.98.0/23 tun0 50 172.16.0.1
10.10.200.0/23 tun0 50 172.16.0.1
10.10.210.0/23 tun0 50 172.16.0.1
10.0.64.0/20 tun0 50 172.16.0.1
10.0.80.0/20 tun0 50 172.16.0.1
10.0.96.0/20 tun0 50 172.16.0.1
10.1.64.0/20 tun0 50 172.16.0.1
10.1.80.0/20 tun0 50 172.16.0.1
10.1.96.0/20 tun0 50 172.16.0.1
10.3.64.0/20 tun0 50 172.16.0.1
10.3.80.0/20 tun0 50 172.16.0.1
10.3.96.0/20 tun0 50 172.16.0.1
172.17.0.0/16 docker0 0
172.19.0.0/16 br-8e597b0711e4 0
172.21.0.0/16 br-62095ea4b43a 0
172.29.0.0/16 br-fb8efe4686e8 0
10.1.0.0/16 tun0 50 172.16.0.1
10.3.0.0/16 tun0 50 172.16.0.1
10.6.0.0/16 tun0 50 172.16.0.1
169.254.0.0/16 wlp3s0 1000
0.0.0.0/0 wlp3s0 600 192.168.88.1
::1/128 lo 0
fe80::42:5fff:fee5:4981/128 br-8e597b0711e4 0
fe80::42:99ff:fe80:5b3/128 docker0 0
fe80::42:a5ff:fecd:64b3/128 br-62095ea4b43a 0
fe80::316e:f254:284d:caa3/128 tun0 0
fe80::348b:2bff:fe0a:53f6/128 vetha3a137b 0
fe80::48ea:90ff:fe66:2763/128 vethafe6a14 0
fe80::4cee:6bff:fe3a:1ef9/128 veth0ed80b7 0
fe80::84a3:2cff:fe49:16e/128 vethca6a032 0
fe80::9009:82ff:fefa:23dd/128 veth1a669be 0
fe80::9e1c:5f54:2dc4:bf79/128 wlp3s0 0
fe80::b00a:7eff:fe7c:8354/128 veth3d41eb9 0
fe80::c022:33ff:fe26:db9f/128 vetha13f819 0
fe80::ccd0:bdff:feeb:1065/128 vethabfa40d 0
fe80::d06b:71ff:feb2:e745/128 vethbd1eeaa 0
fe80::e0ff:4aff:feae:18fe/128 vethbdd09b7 0
fe80::e4de:e0ff:fe43:8cdd/128 vethb5fe6a1 0
::1/128 lo 256
fe80::/64 vethbdd09b7 256
fe80::/64 br-8e597b0711e4 256
fe80::/64 tun0 256
fe80::/64 br-62095ea4b43a 256
fe80::/64 veth3d41eb9 256
fe80::/64 vethabfa40d 256
fe80::/64 vethb5fe6a1 256
fe80::/64 veth1a669be 256
fe80::/64 vetha13f819 256
fe80::/64 vethbd1eeaa 256
fe80::/64 vethca6a032 256
fe80::/64 veth0ed80b7 256
fe80::/64 vetha3a137b 256
fe80::/64 docker0 256
fe80::/64 vethafe6a14 256
fe80::/64 wlp3s0 600
ff00::/8 wlp3s0 256
ff00::/8 vethbdd09b7 256
ff00::/8 br-8e597b0711e4 256
ff00::/8 tun0 256
ff00::/8 br-62095ea4b43a 256
ff00::/8 veth3d41eb9 256
ff00::/8 vethabfa40d 256
ff00::/8 vethb5fe6a1 256
ff00::/8 veth1a669be 256
ff00::/8 vetha13f819 256
ff00::/8 vethbd1eeaa 256
ff00::/8 vethca6a032 256
ff00::/8 veth0ed80b7 256
ff00::/8 vetha3a137b 256
ff00::/8 docker0 256
ff00::/8 vethafe6a14 256