#51146 [Opn->Fbk]: mcrypt doesn't do OFB mode correctly

Thu, 25 Feb 2010 11:24:12 -0800 

 ID:               51146
 Updated by:       [email protected]
 Reported By:      zelnaga at gmail dot com
-Status:           Open
+Status:           Feedback
 Bug Type:         mcrypt related
 Operating System: Windows XP
 PHP Version:      5.3.1
 New Comment:

It looks like a libmcrypt problem, if it is a bug. Can you try using
the mcrypt cmd line tools? If it fails and you see it as a bug, please
report a bug to the mcrypt project. Let us know how it went.


Previous Comments:
------------------------------------------------------------------------

[2010-02-25 18:18:35] zelnaga at gmail dot com

mcrypt also seems to be implementing OFB and CFB modes identically. 
Although the first block produced by either mode should be the same,
subsequent blocks should be different. ie. in CFB, the second block is
XOR'd with the previous ciphertext, reencrypted with the key, whereas in
OFB, the second block is XOR'd with that which the previous text was
previously XOR'd with.

Example code:

<?php
$td = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_OFB, '');
mcrypt_generic_init($td, 'aaaaaaaa', 'bbbbbbbb');
echo urlencode(mcrypt_generic($td, str_repeat("\0", 16))) . "\r\n";

$td = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_CFB, '');
mcrypt_generic_init($td, 'aaaaaaaa', 'bbbbbbbb');
echo urlencode(mcrypt_generic($td, str_repeat("\0", 16)));
?>

------------------------------------------------------------------------

[2010-02-25 18:01:52] zelnaga at gmail dot com

Description:
------------
Correct me if I'm wrong, but shouldn't an ECB decryption of an OFB
encrypted string of null bytes produce a string whose first eight bytes
(assuming that that's the block size) are equal to the IV?  Certainly
that's the impression I get from wikipedia.org's discussion of OFB.

http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Output_feedback_.28OFB.29



Reproduce code:
---------------
<?php
$td = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_OFB, '');
mcrypt_generic_init($td, 'aaaaaaaa', 'bbbbbbbb');
$ciphertext = mcrypt_generic($td, "\0\0\0\0\0\0\0\0");

$td = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_ECB, '');
mcrypt_generic_init($td, 'aaaaaaaa', "\0\0\0\0\0\0\0\0");
echo urlencode(mdecrypt_generic($td, $ciphertext));
?>

Expected result:
----------------
bbbbbbbb

Actual result:
--------------
5%FBdq%C7Y7%13


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=51146&edit=1

Reply via email to