ID:               51146
User updated by:  zelnaga at gmail dot com
Reported By:      zelnaga at gmail dot com
Status:           Open
Bug Type:         mcrypt related
Operating System: Windows XP
PHP Version:      5.3.1
New Comment:

As far as I know, the IV is also used for the first round, so I am not sure if your statement holds up.

Ummm... the IV - as defined in mcrypt_generic_init - is only used in the first round. Per Wikipedia, the first block against which the plaintext is XOR'd is the IV encrypted with the key. That's true in both CFB and OFB modes of operation. The difference between CFB and OFB is what subsequent blocks encrypt for the keystream.

So, per that, the first block should be the same.

And as for my first bug report...

<?php
// OFB: key 'aaaaaaaa', IV 'bbbbbbbb', eight null bytes of plaintext
$td = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_OFB, '');
mcrypt_generic_init($td, 'aaaaaaaa', 'bbbbbbbb');
echo urlencode(mcrypt_generic($td, "\0\0\0\0\0\0\0\0"));

echo "\r\n";

// CFB: same key, IV and plaintext
$td = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_CFB, '');
mcrypt_generic_init($td, 'aaaaaaaa', 'bbbbbbbb');
echo urlencode(mcrypt_generic($td, "\0\0\0\0\0\0\0\0"));

echo "\r\n";

// ECB: same key, the former IV is now the plaintext
$td = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_ECB, '');
mcrypt_generic_init($td, 'aaaaaaaa', "\0\0\0\0\0\0\0\0");
echo urlencode(mcrypt_generic($td, 'bbbbbbbb'));

echo "\r\n";

// CBC: same key, null IV, the former IV is now the plaintext
$td = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_CBC, '');
mcrypt_generic_init($td, 'aaaaaaaa', "\0\0\0\0\0\0\0\0");
echo urlencode(mcrypt_generic($td, 'bbbbbbbb'));

echo "\r\n";

// CTR: same key, IV 'bbbbbbbb', eight null bytes of plaintext
$td = mcrypt_module_open(MCRYPT_DES, '', 'ctr', '');
mcrypt_generic_init($td, 'aaaaaaaa', 'bbbbbbbb');
echo urlencode(mcrypt_generic($td, "\0\0\0\0\0\0\0\0"));
?>

All of those should produce the same ciphertext. As it stands, only ecb, cbc and ctr produce the same ciphertext. ofb and cfb produce the same thing as each other (and, for the first block, they should, as I already mentioned), however, they're not producing the same thing as any of the other modes when, in fact, they should be.


Previous Comments:
------------------------------------------------------------------------

[2010-02-26 10:54:01] der...@php.net

As far as I know, the IV is also used for the first round, so I am not sure if your statement holds up.

------------------------------------------------------------------------

[2010-02-26 03:28:05] zelnaga at gmail dot com

Filing a bug report is going to be a little difficult given that, near as I can tell, the command line version of mcrypt randomly generates IVs. My first example requires the IVs be of a known value and my second example requires encrypting the same string with two different modes and with the same IV.

Also, to be honest, I don't know at all how to interpret the data the command line version of mcrypt is giving me, anyway. I do the following:

mcrypt --algorithm des --mode ecb --no-openpgp test.txt --verbose --bare

And I get a 100 byte file. Given that the source file was 16 bytes ("-" repeated sixteen times), that's a bit odd. Curious to see what the remaining 84 bytes are, I do the following:

<?php
// ECB-decrypt the file written by the mcrypt command line tool
$td = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_ECB, '');
mcrypt_generic_init($td, 'test', "\0\0\0\0\0\0\0\0");
echo mdecrypt_generic($td, file_get_contents('test.txt.nc'));
?>

And that doesn't produce anything even remotely resembling the source text.

A while ago, there was a bug report filed on the mcrypt PHP extension (49561) where someone reproduced the problem in C, using the mcrypt libraries, and filed the bug report themselves. Can't that be done here? I don't have the ability to compile PHP or PHP extensions such as mcrypt and if no one reports the bug to the mcrypt developers then both PHP and mcrypt will have this bug.

Of course, then again, given that bug # 49561 hasn't even been touched by the mcrypt developers, it seems safe to assume that any bug report that's filed - by me or anyone else - will be ignored. If mcrypt has been abandoned by its developers when does PHP abandon mcrypt?

------------------------------------------------------------------------

[2010-02-25 19:23:47] paj...@php.net

It looks like a libmcrypt problem, if it is a bug. Can you try using the mcrypt cmd line tools?
If it fails and you see it as a bug, please report a bug to the mcrypt project. Let us know how it went.

------------------------------------------------------------------------

[2010-02-25 18:18:35] zelnaga at gmail dot com

mcrypt also seems to be implementing OFB and CFB modes identically. Although the first block produced by either mode should be the same, subsequent blocks should be different, i.e. in CFB, the second block is XOR'd with the previous ciphertext, reencrypted with the key, whereas in OFB, the second block is XOR'd with that which the previous text was previously XOR'd with.

Example code:

<?php
// OFB over sixteen null bytes (two DES blocks)
$td = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_OFB, '');
mcrypt_generic_init($td, 'aaaaaaaa', 'bbbbbbbb');
echo urlencode(mcrypt_generic($td, str_repeat("\0", 16))) . "\r\n";

// CFB over the same input with the same key and IV
$td = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_CFB, '');
mcrypt_generic_init($td, 'aaaaaaaa', 'bbbbbbbb');
echo urlencode(mcrypt_generic($td, str_repeat("\0", 16)));
?>

------------------------------------------------------------------------

[2010-02-25 18:01:52] zelnaga at gmail dot com

Description:
------------
Correct me if I'm wrong, but shouldn't an ECB decryption of an OFB encrypted string of null bytes produce a string whose first eight bytes (assuming that that's the block size) are equal to the IV? Certainly that's the impression I get from wikipedia.org's discussion of OFB.
http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Output_feedback_.28OFB.29

Reproduce code:
---------------
<?php
// Encrypt eight null bytes in OFB mode with IV 'bbbbbbbb'
$td = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_OFB, '');
mcrypt_generic_init($td, 'aaaaaaaa', 'bbbbbbbb');
$ciphertext = mcrypt_generic($td, "\0\0\0\0\0\0\0\0");

// ECB-decrypt the result with the same key
$td = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_ECB, '');
mcrypt_generic_init($td, 'aaaaaaaa', "\0\0\0\0\0\0\0\0");
echo urlencode(mdecrypt_generic($td, $ciphertext));
?>

Expected result:
----------------
bbbbbbbb

Actual result:
--------------
5%FBdq%C7Y7%13

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/?id=51146&edit=1
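
Added example, not part of the bug report or of mcrypt's code: the CFB/OFB comparisons from this thread in Python, with a constructed 4-round Feistel permutation standing in for DES (all function names are this example's own). It goes beyond the thread by making the feedback segment size a parameter, since the libmcrypt man page lists its cfb and ofb modes as 8-bit and ncfb/nofb as the block-size variants.

```python
import hashlib

BLOCK = 8  # bytes; DES block size. The cipher below is a toy stand-in, not DES.

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def encrypt_block(key, block):
    """Constructed 4-round Feistel permutation used in place of DES (not secure)."""
    l, r = block[:4], block[4:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def decrypt_block(key, block):
    l, r = block[:4], block[4:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def feedback(key, iv, data, mode, seg=BLOCK):
    """CFB or OFB encryption with a seg-byte segment (BLOCK = full block, 1 = 8-bit)."""
    reg, out = iv, b""
    for i in range(0, len(data), seg):
        ks = encrypt_block(key, reg)[:seg]      # keystream segment from the register
        ct = _xor(data[i:i + seg], ks)
        out += ct
        # CFB shifts the ciphertext into the register, OFB shifts the keystream in
        reg = (reg + (ct if mode == "cfb" else ks))[-BLOCK:]
    return out

def compare(key=b"aaaaaaaa", iv=b"bbbbbbbb"):
    zeros, text = bytes(16), b"sixteen byte msg"   # constructed sample inputs
    e_iv = encrypt_block(key, iv)
    ofb, ofb8 = feedback(key, iv, zeros, "ofb"), feedback(key, iv, zeros, "ofb", seg=1)
    return {
        "full_ofb_block1_is_E_iv": ofb[:BLOCK] == e_iv,
        "ecb_decrypt_recovers_iv": decrypt_block(key, ofb[:BLOCK]) == iv,
        "zeros_cfb_equals_ofb": feedback(key, iv, zeros, "cfb") == ofb,
        "text_cfb_equals_ofb": feedback(key, iv, text, "cfb") == feedback(key, iv, text, "ofb"),
        "ofb8_block1_is_E_iv": ofb8[:BLOCK] == e_iv,
        "ofb8_byte1_is_E_iv_byte1": ofb8[0] == e_iv[0],
    }

if __name__ == "__main__":
    print(compare())
```

With all-zero plaintext the ciphertext equals the keystream, so CFB and OFB feed back the same bytes and only a non-zero plaintext separates them. With a one-byte segment only the first keystream byte equals the first byte of the encrypted IV, so a whole-block comparison against ECB no longer holds.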