PHP :: Bug #47125 :: MCRYPT_RIJNDAEL_256, 192 do not use blocksizes of 128 bit as specified in AES

Bug #47125	MCRYPT_RIJNDAEL_256, 192 do not use blocksizes of 128 bit as specified in AES
Submitted:	2009-01-16 10:56 UTC	Modified:	2009-01-18 20:26 UTC
From:	j dot andersch at foofox dot de	Assigned:
Status:	Not a bug	Package:	mcrypt related
PHP Version:	5.2.8	OS:	*
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2009-01-16 10:56 UTC] j dot andersch at foofox dot de

Description:
------------
According to the AES-specifications [1] the AES-Rijndael encrypts always blocks of 128 bits of binary data with a key of 128, 196 or 256 bit, and therefore the output should always be 128 bit.

However only the MCRYPT_RIJNDAEL_128 algorithm conforms with [1], because the blocksizes to be encrypted of the other implementations expand to 192 and 256 bit instead of using 128 bit.

MCRYPT_RIJNDAEL_192 uses int nb=6 and the MCRYPT_RIJNDAEL_256 uses int nb=8 insted of int nb = 4 in libmcrypt-2.5.8/modules/algorithms/rijndael-256.c and rijndael-192.c

________________

[1] Federal Information Processing Standards Publication 197, November 26, 2001, Announcing the ADVANCED ENCRYPTION STANDARD (AES)
http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf

Reproduce code:
---------------
<?php

# test if AES complies with [1]

$key = 'E8E9EAEBEDEEEFF0F2F3F4F5F7F8F9FA';
$plaintext = '014BAF2278A69D331D5180103643E99A';
# expected cipher: 6743C3D1519AB4F2CD9A78AB09A511BD

# convert input
$key = pack('H*', $key);
$plaintext = pack('H*', $plaintext);

# encrypt
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_ECB, '');
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
 
mcrypt_generic_init($td, $key, $iv);
	
$encrypted_data = mcrypt_generic($td, $plaintext);

mcrypt_generic_deinit($td);
mcrypt_module_close($td);
 
# display encryption value: should be 6743c3d1519ab4f2cd9a78ab09a511bd 
echo bin2hex($encrypted_data); 

?>

Expected result:
----------------
modifying the script for the MCRYPT_RIJNDAEL_192 and MCRYPT_RIJNDAEL_256 bit encryption should give:

Key (192): 04050607090A0B0C0E0F10111314151618191A1B1D1E1F20
Plaintext:76777475F1F2F3F4F8F9E6E777707172
Ciphertext: 5d1ef20dced6bcbc12131ac7c54788aa

Key (256): 08090A0B0D0E0F10121314151718191A1C1D1E1F21222324262728292B2C2D2E
Plaintext:069A007FC76A459F98BAF917FEDF9521
Ciphertext:080e9517eb1677719acf728086040ae3


Actual result:
--------------
192: d08b9555cdcef5cfa6c421654e5efc686408f0e120c1ec38
256: 01e0d5ddff688d8377101cd6fb60b4474a66a0d3a22e72a75dbe24daa9aa4dfe

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-01-18 20:26 UTC] derick@php.net

THis is not a bug in PHP, but in libmcrypt like you already mentioned yourself:

> MCRYPT_RIJNDAEL_192 uses int nb=6 and the MCRYPT_RIJNDAEL_256 uses
> int nb=8 insted of int nb = 4 in
> libmcrypt-2.5.8/modules/algorithms/rijndael-256.c and 
> rijndael-192.c

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Apr 20 03:01:28 2024 UTC