Lua - encrypt / decrypt commands with aes cbc to pair with a Panasonic TV

Question

I’m trying to rework a script I found online to control a Panasonic TV, which requires a secure/encrypted pairing to occur so I can control it remotely. (The full code here -> https://forum.logicmachine.net/showthread.php?tid=232&pid=16580#pid16580)

Because it seems to be built on LuaJIT and has some other proprietary Lua elements; I’m trying to find alternatives that will allow it to work with the 5.1 Lua install on a Vera Home Automation controller (a relatively closed system).

Also, and perhaps most important for me is that I’d love to make as much of the converted code have minimal requirements to call external modules. I should add I’ve only recently started learning Lua, but one way I like to learn is to convert/repurpose code I find online..

So far i’ve managed to find alternatives for a number of the modules being used, e.g

• encdec.base64dec -> Lua Base64 Encode
• lmcore.hextostr -> https://github.com/tst2005/binascii/blob/master/binascii.lua
• storage.set -> Alternative found in Vera Home Controllers
• storage.get -> Alternative found in Vera Home Controllers
• bit.ban -> Bitware module in Vera Home Controllers
• bit.bxor -> Bitware module in Vera Home Controllers

Where I’m stuck is with the following..

• aes:new
• aes.cipher
• user.aes
• encdec.hmacsha256

Here’s an extract of the code where the above are used.

function encrypt_soap_payload(data, key, hmac_key, iv)
payload = '000000000000'
  n = #data

payload = payload .. string.char(bit.band(bit.rshift(n, 24), 0xFF))
payload = payload .. string.char(bit.band(bit.rshift(n, 16), 0xFF))
payload = payload .. string.char(bit.band(bit.rshift(n, 8), 0xFF))
payload = payload .. string.char(bit.band(n, 0xFF))

payload = payload .. data

 aes_cbc, err = aes:new(key, nil, aes.cipher(128, 'cbc'), { iv = iv }, nil, 1) 
  ciphertext = aes_cbc:encrypt(payload)
  sig = encdec.hmacsha256(ciphertext, hmac_key, true)
  encrypted_payload = encdec.base64enc(ciphertext .. sig)
  return encrypted_payload
end

function decrypt_soap_payload(data, key, hmac_key, iv)
  aes_cbc, err = aes:new(key, nil, aes.cipher(128, 'cbc'), { iv = iv }, nil, 0) 
  decrypted = aes_cbc:decrypt(encdec.base64dec(data))
  decrypted = string.gsub(string.sub(lmcore.strtohex(decrypted), 33), '%x%x', function(value) return string.char(tonumber(value, 16)) end) 
  return decrypted
end

I can get the the point where I can create the parameters for the payload encrypt request (example below), it’s the encryption/decryption I can do..

data="1234"
key="\\S„ßÍ}/Ìa5!"
hmac_key="¹jz¹2¸F\r}òcžÎ„ 臧.ª˜¹=¤µæŸ"
iv=" {¬£áæ‚2žâ3ÐÞË€ú "

I’ve found an aes.lua module online, but that requires loads of others modules most notably ffi.lua. Ideally I’d like to avoid using that. I also came across this aes128.lua but i’m not sure how that handles all the other parameters e.g cbc etc. Finally there’s this aes256ecb.lua script, could that be converted to aes 128 cbc and then used in the above?

Is anyone aware (or maybe has) a Lua script that can handle the aes cbc requirements above ?

Many thanks !

Answer 1

In the end I found out that I could do aes.cbc by calling openssl from the command line, e.g.

local payload = "ENTER HERE"
Local key = "ENTER HERE"
local iv = "ENTER HERE"

local buildsslcommand = "openssl enc -aes-128-cbc -nosalt -e -a -A "..payload.." -K "..key.." -iv "..iv

-- print("Command to send = " ..buildsslcommand)

local file = assert(io.popen(buildsslcommand, 'r'))
local output = file:read('*all')
file:close()

-- print(string.len(output)) --> just count what's returned.
-- print(output) -- > Prints the output of the command.

FYI - It looks like I could do encdec.hmacsha256 via openSSL as well, but I’ve not been able to do that :-( ..