From:             j dot andersch at foofox dot de
Operating system: all
PHP version:      5.2.8
PHP Bug Type:     mcrypt related
Bug description:  MCRYPT_RIJNDAEL_256, 192 do not use blocksizes of 128 bit as specified in AES

Description:
------------
According to the AES specifications [1], AES-Rijndael always encrypts
blocks of 128 bits of binary data with a key of 128, 196 or 256 bit, and
therefore the output should always be 128 bit.

However, only the MCRYPT_RIJNDAEL_128 algorithm conforms with [1], because
the block sizes to be encrypted by the other implementations expand to 192
and 256 bit instead of using 128 bit.

MCRYPT_RIJNDAEL_192 uses int nb=6 and MCRYPT_RIJNDAEL_256 uses int nb=8
instead of int nb = 4 in
libmcrypt-2.5.8/modules/algorithms/rijndael-256.c and rijndael-192.c

________________
[1] Federal Information Processing Standards Publication 197, November 26,
2001, Announcing the ADVANCED ENCRYPTION STANDARD (AES)
http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf

Reproduce code:
---------------
<?php
# test if AES complies with [1]
$key = 'E8E9EAEBEDEEEFF0F2F3F4F5F7F8F9FA';
$plaintext = '014BAF2278A69D331D5180103643E99A';
# expected cipher: 6743C3D1519AB4F2CD9A78AB09A511BD

# convert input
$key = pack('H*', $key);
$plaintext = pack('H*', $plaintext);

# encrypt
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_ECB, '');
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
mcrypt_generic_init($td, $key, $iv);
$encrypted_data = mcrypt_generic($td, $plaintext);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);

# display encryption value: should be 6743c3d1519ab4f2cd9a78ab09a511bd
echo bin2hex($encrypted_data);
?>

Expected result:
----------------
Modifying the script for the MCRYPT_RIJNDAEL_192 and MCRYPT_RIJNDAEL_256
bit encryption should give:

Key (192):  04050607090A0B0C0E0F10111314151618191A1B1D1E1F20
Plaintext:  76777475F1F2F3F4F8F9E6E777707172
Ciphertext: 5d1ef20dced6bcbc12131ac7c54788aa

Key (256):  08090A0B0D0E0F10121314151718191A1C1D1E1F21222324262728292B2C2D2E
Plaintext:  069A007FC76A459F98BAF917FEDF9521
Ciphertext: 080e9517eb1677719acf728086040ae3

Actual result:
--------------
192: d08b9555cdcef5cfa6c421654e5efc686408f0e120c1ec38
256: 01e0d5ddff688d8377101cd6fb60b4474a66a0d3a22e72a75dbe24daa9aa4dfe

-- 
Edit bug report at http://bugs.php.net/?id=47125&edit=1
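
An added example, not part of the original report or of PHP's own code: it runs the three key/plaintext/ciphertext triples quoted above through OpenSSL's AES (fixed 128-bit block) and, where the mcrypt extension is loaded, through MCRYPT_RIJNDAEL_128 with the same 16-, 24- or 32-byte key, reporting the ciphertext length and whether it equals the expected value. The helper name check_vector is hypothetical and the openssl extension is assumed to be available.

```php
<?php
// Added example, not code from the report. Key/plaintext/ciphertext triples
// are the ones quoted in the report; check_vector() is a hypothetical helper.
$vectors = array(
    array('aes-128-ecb', 'E8E9EAEBEDEEEFF0F2F3F4F5F7F8F9FA',
          '014BAF2278A69D331D5180103643E99A', '6743C3D1519AB4F2CD9A78AB09A511BD'),
    array('aes-192-ecb', '04050607090A0B0C0E0F10111314151618191A1B1D1E1F20',
          '76777475F1F2F3F4F8F9E6E777707172', '5d1ef20dced6bcbc12131ac7c54788aa'),
    array('aes-256-ecb',
          '08090A0B0D0E0F10121314151718191A1C1D1E1F21222324262728292B2C2D2E',
          '069A007FC76A459F98BAF917FEDF9521', '080e9517eb1677719acf728086040ae3'),
);

function check_vector($cipher, $keyHex, $ptHex, $expectedHex)
{
    $key = pack('H*', $keyHex);
    $pt = pack('H*', $ptHex);
    $expected = strtolower($expectedHex);
    $out = array();

    // OPENSSL_RAW_DATA returns binary; OPENSSL_ZERO_PADDING disables PKCS#7
    // padding, so one 16-byte block in gives exactly one 16-byte block out.
    $ct = openssl_encrypt($pt, $cipher, $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING);
    if ($ct === false) {
        return array("$cipher openssl: encryption failed");
    }
    $out[] = sprintf('%s openssl: %d bytes, %s', $cipher, strlen($ct),
        bin2hex($ct) === $expected ? 'matches report' : 'differs: ' . bin2hex($ct));

    // mcrypt was removed from core in PHP 7.2, so this part is optional.
    if (function_exists('mcrypt_encrypt')) {
        // The constant's suffix is the block size; the key length passed in
        // (16, 24 or 32 bytes) selects the AES key size.
        $mc = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $pt, MCRYPT_MODE_ECB);
        $out[] = sprintf('%s mcrypt RIJNDAEL_128: %d bytes, %s', $cipher, strlen($mc),
            bin2hex($mc) === $expected ? 'matches report' : 'differs: ' . bin2hex($mc));
    }
    return $out;
}

foreach ($vectors as $v) {
    foreach (check_vector($v[0], $v[1], $v[2], $v[3]) as $line) {
        echo $line, "\n";
    }
}
```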
