php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #47125 MCRYPT_RIJNDAEL_256, 192 do not use blocksizes of 128 bit as specified in AES
Submitted: 2009-01-16 10:56 UTC Modified: 2009-01-18 20:26 UTC
From: j dot andersch at foofox dot de Assigned:
Status: Not a bug Package: mcrypt related
PHP Version: 5.2.8 OS: *
Private report: No CVE-ID: None
 [2009-01-16 10:56 UTC] j dot andersch at foofox dot de
Description:
------------
According to the AES-specifications [1] the AES-Rijndael encrypts always blocks of 128 bits of binary data with a key of 128, 196 or 256 bit, and therefore the output should always be 128 bit.

However only the MCRYPT_RIJNDAEL_128 algorithm conforms with [1], because the blocksizes to be encrypted of the other implementations expand to 192 and 256 bit instead of using 128 bit.

MCRYPT_RIJNDAEL_192 uses int nb=6 and the MCRYPT_RIJNDAEL_256 uses int nb=8 insted of int nb = 4 in libmcrypt-2.5.8/modules/algorithms/rijndael-256.c and rijndael-192.c

________________

[1] Federal Information Processing Standards Publication 197, November 26, 2001, Announcing the ADVANCED ENCRYPTION STANDARD (AES)
http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf

Reproduce code:
---------------
<?php

# test if AES complies with [1]

$key = 'E8E9EAEBEDEEEFF0F2F3F4F5F7F8F9FA';
$plaintext = '014BAF2278A69D331D5180103643E99A';
# expected cipher: 6743C3D1519AB4F2CD9A78AB09A511BD

# convert input
$key = pack('H*', $key);
$plaintext = pack('H*', $plaintext);

# encrypt
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_ECB, '');
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
 
mcrypt_generic_init($td, $key, $iv);
	
$encrypted_data = mcrypt_generic($td, $plaintext);

mcrypt_generic_deinit($td);
mcrypt_module_close($td);
 
# display encryption value: should be 6743c3d1519ab4f2cd9a78ab09a511bd 
echo bin2hex($encrypted_data); 

?>

Expected result:
----------------
modifying the script for the MCRYPT_RIJNDAEL_192 and MCRYPT_RIJNDAEL_256 bit encryption should give:

Key (192): 04050607090A0B0C0E0F10111314151618191A1B1D1E1F20
Plaintext:76777475F1F2F3F4F8F9E6E777707172
Ciphertext: 5d1ef20dced6bcbc12131ac7c54788aa

Key (256): 08090A0B0D0E0F10121314151718191A1C1D1E1F21222324262728292B2C2D2E
Plaintext:069A007FC76A459F98BAF917FEDF9521
Ciphertext:080e9517eb1677719acf728086040ae3


Actual result:
--------------
192: d08b9555cdcef5cfa6c421654e5efc686408f0e120c1ec38
256: 01e0d5ddff688d8377101cd6fb60b4474a66a0d3a22e72a75dbe24daa9aa4dfe

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-01-18 20:26 UTC] derick@php.net
THis is not a bug in PHP, but in libmcrypt like you already mentioned yourself:

> MCRYPT_RIJNDAEL_192 uses int nb=6 and the MCRYPT_RIJNDAEL_256 uses
> int nb=8 insted of int nb = 4 in
> libmcrypt-2.5.8/modules/algorithms/rijndael-256.c and 
> rijndael-192.c

 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 12:01:31 2024 UTC