From:
Operating system: Windows XP
PHP version: 5.3.13
Package: mcrypt related
Bug Type: Bug
Bug description: mcrypt CAST128 80/40-bit does not agree with RFC2144 test vectors

Description:
------------
Please verify that the 80-bit and 40-bit test vectors in RFC2144 Section B.1 do not agree with the output from mcrypt when using CAST 128 encryption. I provided a test program with functions that print and parse the hexadecimal. I am using mcrypt 2.5.8 on PHP 5.3.13. The 128-bit test vector does work though. The problem is probably related to the fact that CAST-128 changes the number of rounds from 16 to 12 when a key is 80 bits or smaller. I have verified that the test vectors in RFC2144 work with a different piece of code written in C. Please let me know if there is a workaround.

Test script:
---------------
<?php
// Format a binary string as space-separated lowercase hex bytes.
function str2hex($string) {
    $hex = '';
    for ($i = 0; $i < strlen($string); $i++) {
        $hex .= sprintf("%02x", ord($string[$i])) . ' ';
    }
    return $hex;
}

// Convert a hex string into the binary string it encodes.
function hex2str($x) {
    $s = '';
    foreach (explode("\n", trim(chunk_split($x, 2))) as $h) {
        $s .= chr(hexdec($h));
    }
    return $s;
}

// RFC-2144 plaintext block (64 bits)
$text = hex2str("0123456789ABCDEF");

// RFC-2144 Section B.1 128-bit example
$key = hex2str("0123456712345678234567893456789A");
echo "RFC-2144 Section B.1 128-bit<BR>";
$enc = mcrypt_encrypt(MCRYPT_CAST_128, $key, $text, MCRYPT_MODE_ECB);
echo "ciphertext: " . str2hex($enc);
echo "<BR>";

// RFC-2144 Section B.1 80-bit example
$key = hex2str("01234567123456782345");
echo "RFC-2144 Section B.1 80-bit<BR>";
$enc = mcrypt_encrypt(MCRYPT_CAST_128, $key, $text, MCRYPT_MODE_ECB);
echo "ciphertext: " . str2hex($enc);
echo "<BR>";

// RFC-2144 Section B.1 40-bit example
$key = hex2str("0123456712");
echo "RFC-2144 Section B.1 40-bit<BR>";
$enc = mcrypt_encrypt(MCRYPT_CAST_128, $key, $text, MCRYPT_MODE_ECB);
echo "ciphertext: " . str2hex($enc);
echo "<BR>";

Expected result:
----------------
see RFC2144 Section B.1

Actual result:
--------------
see result of provided code.

--
Edit bug report at https://bugs.php.net/bug.php?id=62102&edit=1