php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #47125 MCRYPT_RIJNDAEL_256, 192 do not use blocksizes of 128 bit as specified in AES
Submitted: 2009-01-16 10:56 UTC Modified: 2009-01-18 20:26 UTC
From: j dot andersch at foofox dot de Assigned:
Status: Not a bug Package: mcrypt related
PHP Version: 5.2.8 OS: *
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: j dot andersch at foofox dot de
New email:
PHP Version: OS:

 

 [2009-01-16 10:56 UTC] j dot andersch at foofox dot de 
Description:
------------
According to the AES-specifications [1] the AES-Rijndael encrypts always blocks of 128 bits of binary data with a key of 128, 196 or 256 bit, and therefore the output should always be 128 bit.

However only the MCRYPT_RIJNDAEL_128 algorithm conforms with [1], because the blocksizes to be encrypted of the other implementations expand to 192 and 256 bit instead of using 128 bit.

MCRYPT_RIJNDAEL_192 uses int nb=6 and the MCRYPT_RIJNDAEL_256 uses int nb=8 insted of int nb = 4 in libmcrypt-2.5.8/modules/algorithms/rijndael-256.c and rijndael-192.c

________________

[1] Federal Information Processing Standards Publication 197, November 26, 2001, Announcing the ADVANCED ENCRYPTION STANDARD (AES)
http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf

Reproduce code:
---------------
<?php

# test if AES complies with [1]

$key = 'E8E9EAEBEDEEEFF0F2F3F4F5F7F8F9FA';
$plaintext = '014BAF2278A69D331D5180103643E99A';
# expected cipher: 6743C3D1519AB4F2CD9A78AB09A511BD

# convert input
$key = pack('H*', $key);
$plaintext = pack('H*', $plaintext);

# encrypt
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_ECB, '');
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
 
mcrypt_generic_init($td, $key, $iv);
	
$encrypted_data = mcrypt_generic($td, $plaintext);

mcrypt_generic_deinit($td);
mcrypt_module_close($td);
 
# display encryption value: should be 6743c3d1519ab4f2cd9a78ab09a511bd 
echo bin2hex($encrypted_data); 

?>

Expected result:
----------------
modifying the script for the MCRYPT_RIJNDAEL_192 and MCRYPT_RIJNDAEL_256 bit encryption should give:

Key (192): 04050607090A0B0C0E0F10111314151618191A1B1D1E1F20
Plaintext:76777475F1F2F3F4F8F9E6E777707172
Ciphertext: 5d1ef20dced6bcbc12131ac7c54788aa

Key (256): 08090A0B0D0E0F10121314151718191A1C1D1E1F21222324262728292B2C2D2E
Plaintext:069A007FC76A459F98BAF917FEDF9521
Ciphertext:080e9517eb1677719acf728086040ae3


Actual result:
--------------
192: d08b9555cdcef5cfa6c421654e5efc686408f0e120c1ec38
256: 01e0d5ddff688d8377101cd6fb60b4474a66a0d3a22e72a75dbe24daa9aa4dfe

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-01-18 20:26 UTC] derick@php.net 
THis is not a bug in PHP, but in libmcrypt like you already mentioned yourself:

> MCRYPT_RIJNDAEL_192 uses int nb=6 and the MCRYPT_RIJNDAEL_256 uses
> int nb=8 insted of int nb = 4 in
> libmcrypt-2.5.8/modules/algorithms/rijndael-256.c and 
> rijndael-192.c
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Dec 21 18:01:29 2024 UTC