php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #62102 mcrypt CAST128 80/40-bit does not agree with RFC2144 test vectors
Submitted: 2012-05-22 01:54 UTC Modified: 2016-12-14 17:55 UTC
Votes:3
Avg. Score:3.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: nathanpust at hotmail dot com Assigned: leigh (profile)
Status: Closed Package: mcrypt related
PHP Version: 5.3.13 OS: Windows XP
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: nathanpust at hotmail dot com
New email:
PHP Version: OS:

 

 [2012-05-22 01:54 UTC] nathanpust at hotmail dot com 
Description:
------------
Please verify that the 80-bit and 40-bit test vectors in RFC2144 Section B.1 do 
not agree with the output from mcrypt when using CAST 128 encryption.  I provided 
a test program with functions that print and parse the hexadecimal.

I am using mcrypt 2.5.8 on php 5.3.13.

The 128-bit test vector does work though. The problem is probably related to the 
fact that CAST-128 changes the number of rounds from 16 to 12 when a key is 80 
bits or smaller.

I have verified that the test vectors in RFC2144 work with a different piece of 
code written in C.

Please let me know if there is a work around.

Test script:
---------------
function str2hex($string)
{
    $hex='';
    for ($i=0; $i < strlen($string); $i++)
    {
        $hex .= sprintf("%02x",ord($string[$i])) . ' ';
    }
    return $hex;
}

function hex2str($x) { 
  $s=''; 
  foreach(explode("\n",trim(chunk_split($x,2))) as $h) $s.=chr(hexdec($h)); 
  return($s); 
} 

//RFC-2144
$text = hex2str("0123456789ABCDEF");

//Section B.1 128-bit example
$key  = hex2str("0123456712345678234567893456789A");
echo "RFC-2144 Section B.1 128-bit<BR>";
$enc = mcrypt_encrypt(MCRYPT_CAST_128,$key,$text,MCRYPT_MODE_ECB);
echo "ciphertext: " . str2hex($enc);
echo "<BR>";

//RFC-2144
//Section B.1 80-bit example
$key  = hex2str("01234567123456782345");
echo "RFC-2144 Section B.1 80-bit<BR>";
$enc = mcrypt_encrypt(MCRYPT_CAST_128,$key,$text,MCRYPT_MODE_ECB);
echo "ciphertext: " . str2hex($enc);
echo "<BR>";

//RFC-2144
//Section B.1 40-bit example
$key  = hex2str("0123456712");
echo "RFC-2144 Section B.1 40-bit<BR>";
$enc = mcrypt_encrypt(MCRYPT_CAST_128,$key,$text,MCRYPT_MODE_ECB);
echo "ciphertext: " . str2hex($enc);
echo "<BR>";

Expected result:
----------------
see RFC2144 Section B.1

Actual result:
--------------
see result of provided code.

Patches

Pull Requests

Pull requests:

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-03-04 19:49 UTC] narf at devilix dot net 
I tried commenting earlier, not sure why my comment didn't show up ... this appears to have been fixed. Both the OP's and my own tests produce the expected results (from RFC2144) on PHP 5.4, 5.5.
 [2014-10-16 04:26 UTC] gm dot outside+php at gmail dot com 
This is just to let people know that there is a bug in the mcrypt 2.5.8 library and the library does not support 80- and 40- bit keys.  However, there is a Debian patch (one line patch, actually) that fixes the issue: http://debian.2.n7.nabble.com/Bug-299509-libmcrypt-support-of-40-and-80-bits-long-keys-with-CAST5-td575143.html

Debian/Ubuntu has this patch incorporated, RHEL/CentOS/FC at this point of time do not.  So the test will pass on the distros where mcrypt has been fixed.
 [2016-12-14 17:55 UTC] leigh@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: leigh
 [2016-12-14 17:55 UTC] leigh@php.net 
Closing as this was a bug in the underlying library (which was fixed) and the supplied test has already been committed.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sun Nov 30 22:00:01 2025 UTC