Forum Discussion
Rabbit23_116296
Nimbostratus
Feb 10, 2014
F5 CRYPTO methods
Does anyone have any usable code (any language) for the decryption of an F5/TCL encrypted string outside of TMM?
I can't find any documentation that covers how CRYPTO works. This is what I'm workin...
James_Deucker_2
Feb 10, 2014
Historic F5 Account
Here's how I did it with OpenSSL
when RULE_INIT {
    # AES-128 key as 32 hex digits
    set static::hexkey "01020304050607080900010203040506"
    log local0.info "====Rule_Init===="
    log local0.info "Key is $static::hexkey"
    log local0.info "================="
}
when HTTP_REQUEST {
    # in real use make a proper IV
    set iv [CRYPTO::keygen -alg random -len 128]
    # in testing it's easier to use a static one
    set iv "01020304050607080900010203040506"
    set text_to_encrypt "This is some text that james encoded"
    # ciphertext produced outside TMM, Base64-decoded to raw bytes
    set text_to_decrypt [b64decode "DRNSZkFVs1f7VvzrSBqRW6/5OmfDCFyZIe/XllRien8="]
    set enc_out_no_binary [CRYPTO::encrypt -alg aes-128-cbc -keyhex $static::hexkey -ivhex $iv $text_to_encrypt]
    set dec_in [CRYPTO::decrypt -alg aes-128-cbc -keyhex $static::hexkey -ivhex $iv $text_to_decrypt]
    log local0.info "The decrypted NO binary $dec_in"
    log local0.info "The Encrypted NO binary Base64 is -[b64encode "$enc_out_no_binary"]-"
    # dump the raw ciphertext as hex for comparison with other tools
    binary scan $enc_out_no_binary H* enc_hex
    log local0.info "The Encrypted NO binary Hex is -$enc_hex-"
    log local0.info "This is the IV $iv"
    HTTP::respond 200 content "All is OK\r\n" connection close
}
And from a box with openssl installed:
Apr 4 22:27:40 lab11-2 info tmm[12035]: Rule /Common/foo : ====Rule_Init====
Apr 4 22:27:40 lab11-2 info tmm[12035]: Rule /Common/foo : Key is 01020304050607080900010203040506
Apr 4 22:27:40 lab11-2 info tmm[12035]: Rule /Common/foo : =================
Apr 4 22:27:46 lab11-2 info tmm[12035]: Rule /Common/foo : The decrypted NO binary This is the test string
Apr 4 22:27:46 lab11-2 info tmm[12035]: Rule /Common/foo : The Encrypted NO binary Base64 is -7pBWsiQsifgaIECSBXhA5kqJQ1MO0VvqWznuJIzLrFukU0e/ki1Q0G/x9r6JdUNP-
Apr 4 22:27:46 lab11-2 info tmm[12035]: Rule /Common/foo : The Encrypted NO binary Hex is -ee9056b2242c89f81a204092057840e64a8943530ed15bea5b39ee248ccbac5ba45347bf922d50d06ff1f6be8975434f-
Apr 4 22:27:46 lab11-2 info tmm[12035]: Rule /Common/foo : This is the IV 01020304050607080900010203040506
[root@lab11-2:Active:Standalone] ~ cat>test.b64
7pBWsiQsifgaIECSBXhA5kqJQ1MO0VvqWznuJIzLrFukU0e/ki1Q0G/x9r6JdUNP
[root@lab11-2:Active:Standalone] ~ base64 -d < test.b64 > test.enc
base64: invalid input
[root@lab11-2:Active:Standalone] ~ openssl aes-128-cbc -d -in test.enc -out test.txt -K "$key128" -iv "$iv"
[root@lab11-2:Active:Standalone] ~ cat test.txt
This is some text that james encoded[root@lab11-2:Active:Standalone] ~
[root@lab11-2:Active:Standalone] ~ echo $iv
01020304050607080900010203040506
[root@lab11-2:Active:Standalone] ~ echo $key128
01020304050607080900010203040506
[root@lab11-2:Active:Standalone] ~
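The OpenSSL session in the answer above, wrapped as reusable shell functions; this is an added example and not part of the original thread. The function names are hypothetical, and the key, IV and ciphertext are the test values shown in the post.

```shell
#!/bin/sh
# Added example (not from the thread). Key, IV and ciphertext are the test
# values posted in the answer; the function names are hypothetical.
KEY_HEX=01020304050607080900010203040506
IV_HEX=01020304050607080900010203040506   # static IV: test use only
CT_B64='7pBWsiQsifgaIECSBXhA5kqJQ1MO0VvqWznuJIzLrFukU0e/ki1Q0G/x9r6JdUNP'

# is_hex128 VALUE: true only for exactly 32 hex digits (128 bits).
is_hex128() {
    case $1 in
        *[!0-9A-Fa-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 32 ]
}

# f5_crypt MODE KEYHEX IVHEX: shared openssl call. MODE is -e or -d.
# -a -A makes openssl read/write single-line Base64 itself, so no separate
# base64 step is needed. Returns 2 on a malformed key or IV, and openssl's
# own non-zero status if decryption fails (for example bad padding).
f5_crypt() {
    is_hex128 "$2" && is_hex128 "$3" || {
        echo "key and IV must each be 32 hex digits" >&2
        return 2
    }
    openssl enc "$1" -aes-128-cbc -a -A -K "$2" -iv "$3"
}

# f5_decrypt B64 KEYHEX IVHEX: plaintext of what the iRule logs as
# [b64encode [CRYPTO::encrypt -alg aes-128-cbc ...]].
f5_decrypt() {
    printf '%s\n' "$1" | f5_crypt -d "$2" "$3"
}

# f5_encrypt TEXT KEYHEX IVHEX: Base64 ciphertext that the iRule can pass
# through b64decode and CRYPTO::decrypt.
f5_encrypt() {
    printf '%s' "$1" | f5_crypt -e "$2" "$3"
}

# Decrypt the ciphertext from the tmm log line in the answer.
f5_decrypt "$CT_B64" "$KEY_HEX" "$IV_HEX" && echo
```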