PHP :: Bug #35653 :: Is it a bug related to 3DES(padding)

Bug #35653	Is it a bug related to 3DES(padding)
Submitted:	2005-12-13 04:26 UTC	Modified:	2005-12-14 03:35 UTC
From:	link705 at hotmail dot com	Assigned:	derick (profile)
Status:	Closed	Package:	mcrypt related
PHP Version:	5CVS-2005-12-13 (snap)	OS:	Win2000
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	link705 at hotmail dot com
New email:
PHP Version:		OS:

New Comment:

[2005-12-13 04:26 UTC] link705 at hotmail dot com

Description:
------------
this code blow for use 3DES,but I can't get result in expect.
for mistake only occured on tail of result, and I compare then php code to C# code(c# get the right result),
in c#,has this line
mCSP.Padding = System.Security.Cryptography.PaddingMode.PKCS7
but I can't found the way to set it in php
so
is a bug of php?
what can i do to get it in except.

Reproduce code:
---------------
///php code
function GetIV(){
  $res = "";
  for($i = 1; $i <= 8; $i++)
    $res .= chr($i);
  return $res;
}

function fmt3DESEx($s){
  $key = pack('H48',"9F8C243AEE347183B39DD81B20941E86BC11529B034C8842");
  $td = mcrypt_module_open(MCRYPT_3DES, '', MCRYPT_MODE_CBC, '');
  $iv = GetIV();   //like c# new byte[]{1,2,3,4,5,6,7,8}
  mcrypt_generic_init($td, $key, $iv);
  $encrypted_data = mcrypt_generic($td, $s);
  mcrypt_generic_deinit($td);
  mcrypt_module_close($td);
  return $encrypted_data;
}
$S = "123456";
echo(BASE64_Encode(fmt3DESEx(sha1($S, true))));

//********************C# code ******************
    private string fmt3DES(byte[] Value){
      byte[] bytKey = new byte[]{0x9F,0x8C,0x24,0x3A,0xEE,0x34,0x71,0x83,0xB3,0x9D,0xD8,0x1B,0x20,0x94,0x1E,0x86,0xBC,0x11,0x52,0x9B,0x03,0x4C,0x88,0x42};
      ICryptoTransform ct;
      MemoryStream ms;
      CryptoStream cs;

      SymmetricAlgorithm mCSP = new TripleDESCryptoServiceProvider();
      mCSP.IV = new byte[]{1,2,3,4,5,6,7,8};//Convert.FromBase64String("12345678");//
      mCSP.Key = bytKey;
      mCSP.Mode = System.Security.Cryptography.CipherMode.CBC;
      mCSP.Padding = System.Security.Cryptography.PaddingMode.PKCS7;
      
      ct = mCSP.CreateEncryptor(mCSP.Key, mCSP.IV);
      ms = new MemoryStream();
      cs = new CryptoStream(ms, ct, CryptoStreamMode.Write);
      cs.Write(Value, 0, Value.Length);
      cs.FlushFinalBlock();	
      cs.Close();      
      return Convert.ToBase64String(ms.ToArray());
    }

    private void btnTest_Click(object sender, System.EventArgs e) {    
      string s;
      Byte[] clearBytes = Encoding.UTF8.GetBytes(txtSrc.Text);
      Byte[] hashedBytes = ((HashAlgorithm)CryptoConfig.CreateFromName("SHA1")).ComputeHash(clearBytes);
      s = Convert.ToBase64String(hashedBytes);
      txt2.Text = fmt3DES(hashedBytes);
    }


Expected result:
----------------
xUL2ewBUn7mqNdrgbTzoZyfUjOMZw6r2

Actual result:
--------------
xUL2ewBUn7mqNdrgbTzoZ+vkYhgNnLbQ
                     ^^^^^^^^^^^ difference

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-12-13 04:49 UTC] link705 at hotmail dot com

this problem also exists where OS is linux ad 2.1

[2005-12-13 07:45 UTC] sniper@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5.1-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.1-win32-latest.zip

[2005-12-13 09:09 UTC] link705 at hotmail dot com

I get then same incorrect result in PHP version(5.1.2-dev),
Actual result(incorrect):
--------------
xUL2ewBUn7mqNdrgbTzoZ+vkYhgNnLbQ
                     ^^^^^^^^^^^ difference

[2005-12-13 11:27 UTC] link705 at hotmail dot com

I try more,it looks irrespective of padding,
but what happend???

[2005-12-14 01:47 UTC] link705 at hotmail dot com

hi,my friend, actually, 'paddingmode' cause this problem.
I chang paddingmode in c# from PKCS7 to Zeros??then get the same result
--------------------------------
xUL2ewBUn7mqNdrgbTzoZ+vkYhgNnLbQ
--------------------------------
but this result is DO not my wanted(I have to get result:'xUL2ewBUn7mqNdrgbTzoZyfUjOMZw6r2' to fit third party's requirement).
so, I must get result'xUL2ewBUn7mqNdrgbTzoZyfUjOMZw6r2' in php anyway until I give up to use php to connect third party.
who can help me? recomplied source code?
I have no idea now.

[2005-12-14 03:35 UTC] link705 at hotmail dot com

thanks.
I get it by fill 'padding char' myself.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Mon Jul 07 01:01:34 2025 UTC