PHP :: Doc Bug #50082 :: Incorrect test vector CFB/OFB results for Blowfish encryption

Incorrect test vector CFB/OFB results for Blowfish encryption

Submitted:

2009-11-04 23:10 UTC

Modified:

2009-11-13 16:57 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	0 (0.0%)

From:

gslin at pixnet dot tw

Assigned:

Status:

Closed

Package:

Documentation problem

PHP Version:

5.2.11

OS:

FreeBSD 7.2-RELEASE i386

Private report:

CVE-ID:

None

View Developer Edit

[2009-11-04 23:10 UTC] gslin at pixnet dot tw

Description:
------------
Incorrect results for CFB/OFB Blowfish test vectors (http://www.schneier.com/code/vectors.txt).

Reproduce code:
---------------
<?php

$iv = pack('H*', 'FEDCBA9876543210');
printf("iv: %s\n", bin2hex($iv));
$k = pack('H*', '0123456789ABCDEFF0E1D2C3B4A59687');
printf("key: %s\n", bin2hex($k));
$data = pack('H*', '37363534333231204E6F77206973207468652074696D6520666F722000');
printf("data: %s\n", bin2hex($data));
$cbc = mcrypt_cbc('blowfish', $k, $data, MCRYPT_ENCRYPT, $iv);
printf("cbc: %s\n", bin2hex($cbc));
$cfb = mcrypt_cfb('blowfish', $k, $data, MCRYPT_ENCRYPT, $iv);
printf("cfb: %s\n", bin2hex($cfb));
$ofb = mcrypt_cfb('blowfish', $k, $data, MCRYPT_ENCRYPT, $iv);
printf("ofb: %s\n", bin2hex($ofb));

Expected result:
----------------
iv: fedcba9876543210
key: 0123456789abcdeff0e1d2c3b4a59687
data: 37363534333231204e6f77206973207468652074696d6520666f722000
cbc: 6b77b4d63006dee605b156e27403979358deb9e7154616d959f1652bd5ff92cc
cfb: e73214a2822139caf26ecf6d2eb9e76e3da3de04d1517200519d57a6c3
ofb: e73214a2822139ca62b343cc5b65587310dd908d0c241b2263c2cf80da

Actual result:
--------------
iv: fedcba9876543210
key: 0123456789abcdeff0e1d2c3b4a59687
data: 37363534333231204e6f77206973207468652074696d6520666f722000
cbc: 6b77b4d63006dee605b156e27403979358deb9e7154616d959f1652bd5ff92cc
cfb: e7bb1fc3073eb8314b378689fab0b1160244415d4d017fce0d9b4cb2fa
ofb: e7bb1fc3073eb8314b378689fab0b1160244415d4d017fce0d9b4cb2fa

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-11-11 01:53 UTC] fa@php.net

Hello,
this is not a bug in PHP.

cfb/ofb in mcrypt is 8bit by default (see http://mcrypt.hellug.gr/lib/mcrypt.3.html)

the data given on your link (http://www.schneier.com/code/vectors.txt) clearly states 64bit cfb/ofb.

Another version of your test script:
<?php

$iv = pack('H*', 'FEDCBA9876543210');
printf("iv: %s\n", bin2hex($iv));
$k = pack('H*', '0123456789ABCDEFF0E1D2C3B4A59687');
printf("key: %s\n", bin2hex($k));
$data = pack('H*',
'37363534333231204E6F77206973207468652074696D6520666F722000');
printf("data:(%d) '%s'\n", strlen($data), $data);
printf("data:(%d) '%s'\n", strlen(bin2hex($data)), bin2hex($data));
$cbc = mcrypt_cbc('blowfish', $k, $data, MCRYPT_ENCRYPT, $iv);
printf("cbc: %s\n", bin2hex($cbc));
$cfb = mcrypt_cfb('blowfish', $k, $data, MCRYPT_ENCRYPT, $iv);
printf("cfb: %s\n", bin2hex($cfb));
$ofb = mcrypt_ofb('blowfish', $k, $data, MCRYPT_ENCRYPT, $iv);
printf("ofb: %s\n", bin2hex($ofb));

$td = mcrypt_module_open('blowfish', '', 'ncfb', '');
mcrypt_generic_init($td, $k, $iv);
$x = mcrypt_generic($td, $data);
printf("ncfb: %s\n", bin2hex($x));
$td = mcrypt_module_open('blowfish', '', 'nofb', '');
mcrypt_generic_init($td, $k, $iv);
$x = mcrypt_generic($td, $data);
printf("nofb: %s\n", bin2hex($x));

and the output:
iv: fedcba9876543210
key: 0123456789abcdeff0e1d2c3b4a59687
data:(29) '7654321 Now is the time for '
data:(58) '37363534333231204e6f77206973207468652074696d6520666f722000'
cbc: 6b77b4d63006dee605b156e27403979358deb9e7154616d959f1652bd5ff92cc
cfb: e7bb1fc3073eb8314b378689fab0b1160244415d4d017fce0d9b4cb2fa
ofb: e7e246a97576bf3da1236575443e0c46bcdb2638fe825603f561ffe6aa
ncfb: e73214a2822139caf26ecf6d2eb9e76e3da3de04d1517200519d57a6c3
nofb: e73214a2822139ca62b343cc5b65587310dd908d0c241b2263c2cf80da

[2009-11-11 01:56 UTC] fa@php.net

Actually this should be documented properly to avoid further RTFM and mcrypt is badly documented anyway.

[2009-11-13 16:57 UTC] svn@php.net

Automatic comment from SVN on behalf of vrana
Revision: http://svn.php.net/viewvc/?view=revision&revision=290675
Log: CFB/OFB 8bit (bug #50082)

[2009-11-13 16:57 UTC] vrana@php.net

This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.

Thank you for the report, and for helping us make our documentation better.

"CFB/OFB are 8bit by default."

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Jul 16 16:01:34 2025 UTC