CAST5/CBC incorrect output
guidovranken opened this issue · 3 comments
guidovranken commented
I subjected Botan to differential fuzzing (see https://github.com/guidovranken/cryptofuzz).
It found that the result for CAST5/CBC encryption differs from OpenSSL and Crypto++ for the same inputs (cleartext, key and iv).
operation name: SymmetricEncrypt
cleartext: {0x2b, 0x2b, 0x2e, 0x51, 0x17, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x80, 0xce, 0x00, 0x40, 0xd9} (16 bytes)
cipher iv: {0x38, 0xc2, 0x69, 0xb1, 0xcd, 0x42, 0xdd, 0x27} (8 bytes)
cipher key: {0x0a, 0xb0, 0xaa, 0xbb, 0x24, 0xff, 0x01, 0x05, 0xb6, 0xaa, 0x6d, 0x28, 0x20} (13 bytes)
cipher: CAST5_CBC
Module OpenSSL result:
ciphertext = {0x93, 0xf6, 0xff, 0xd5, 0x33, 0x00, 0x4f, 0x1d, 0xaf, 0x35, 0x2b, 0xeb, 0xa0, 0x68, 0x17, 0xfc,
0xf2, 0x6d, 0x99, 0xb9, 0x10, 0x73, 0x33, 0x21} (24 bytes)
Module Botan result:
ciphertext = {0x75, 0xb7, 0xcc, 0x97, 0x55, 0x22, 0x93, 0x31, 0xbe, 0xd1, 0x66, 0x89, 0xd0, 0x7d, 0x76, 0x49,
0xfb, 0xf2, 0xa9, 0x3e, 0xce, 0xbb, 0x9d, 0xf4} (24 bytes)
Module Crypto++ result:
ciphertext = {0x93, 0xf6, 0xff, 0xd5, 0x33, 0x00, 0x4f, 0x1d, 0xaf, 0x35, 0x2b, 0xeb, 0xa0, 0x68, 0x17, 0xfc,
0xf2, 0x6d, 0x99, 0xb9, 0x10, 0x73, 0x33, 0x21} (24 bytes)
randombit commented
Thanks - it is probably some bug with short key lengths. I will investigate this soon.
randombit commented
Fixed in master thanks again
guidovranken commented
You're welcome!