Bug #62102 mcrypt CAST128 80/40-bit does not agree with RFC2144 test vectors
Submitted: 2012-05-22 01:54 UTC
Modified: 2016-12-14 17:55 UTC
Votes: 3
Avg. Score: 3.0 ± 0.0
Reproduced: 2 of 2 (100.0%)
Same Version: 0 (0.0%)
Same OS: 0 (0.0%)
From: nathanpust at hotmail dot com
Assigned: leigh
Status: Closed
Package: mcrypt related
PHP Version: 5.3.13
OS: Windows XP
Private report: No
CVE-ID: None
 [2012-05-22 01:54 UTC] nathanpust at hotmail dot com
Description:
------------
Please verify that the 80-bit and 40-bit test vectors in RFC2144 Section B.1 do 
not agree with the output from mcrypt when using CAST 128 encryption.  I provided 
a test program with functions that print and parse the hexadecimal.

I am using mcrypt 2.5.8 on php 5.3.13.

The 128-bit test vector does work though. The problem is probably related to the 
fact that CAST-128 changes the number of rounds from 16 to 12 when a key is 80 
bits or smaller.

I have verified that the test vectors in RFC2144 work with a different piece of 
code written in C.

Please let me know if there is a workaround.

Test script:
---------------
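<?php
// Render a binary string as space-separated lowercase hex bytes.
function str2hex($string)
{
    $hex = '';
    for ($i = 0; $i < strlen($string); $i++)
    {
        $hex .= sprintf("%02x", ord($string[$i])) . ' ';
    }
    return $hex;
}

// Parse a hex string (two digits per byte) into a binary string.
// The explicit "\n" separator keeps stray "\r" characters out of hexdec().
function hex2str($x) {
  $s = '';
  foreach (explode("\n", trim(chunk_split($x, 2, "\n"))) as $h) $s .= chr(hexdec($h));
  return $s;
}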

//RFC-2144
$text = hex2str("0123456789ABCDEF");

//Section B.1 128-bit example
$key  = hex2str("0123456712345678234567893456789A");
echo "RFC-2144 Section B.1 128-bit<BR>";
$enc = mcrypt_encrypt(MCRYPT_CAST_128,$key,$text,MCRYPT_MODE_ECB);
echo "ciphertext: " . str2hex($enc);
echo "<BR>";

//RFC-2144
//Section B.1 80-bit example
$key  = hex2str("01234567123456782345");
echo "RFC-2144 Section B.1 80-bit<BR>";
$enc = mcrypt_encrypt(MCRYPT_CAST_128,$key,$text,MCRYPT_MODE_ECB);
echo "ciphertext: " . str2hex($enc);
echo "<BR>";

//RFC-2144
//Section B.1 40-bit example
$key  = hex2str("0123456712");
echo "RFC-2144 Section B.1 40-bit<BR>";
$enc = mcrypt_encrypt(MCRYPT_CAST_128,$key,$text,MCRYPT_MODE_ECB);
echo "ciphertext: " . str2hex($enc);
echo "<BR>";

Expected result:
----------------
see RFC2144 Section B.1

Actual result:
--------------
see result of provided code.

 [2014-03-04 19:49 UTC] narf at devilix dot net
I tried commenting earlier, not sure why my comment didn't show up ... this appears to have been fixed. Both the OP's and my own tests produce the expected results (from RFC2144) on PHP 5.4, 5.5.
 [2014-10-16 04:26 UTC] gm dot outside+php at gmail dot com
This is just to let people know that there is a bug in the mcrypt 2.5.8 library and the library does not support 80- and 40-bit keys. However, there is a Debian patch (one line patch, actually) that fixes the issue: http://debian.2.n7.nabble.com/Bug-299509-libmcrypt-support-of-40-and-80-bits-long-keys-with-CAST5-td575143.html

Debian/Ubuntu has this patch incorporated, RHEL/CentOS/FC at this point of time do not.  So the test will pass on the distros where mcrypt has been fixed.
 [2016-12-14 17:55 UTC] leigh@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: leigh
 [2016-12-14 17:55 UTC] leigh@php.net
Closing as this was a bug in the underlying library (which was fixed) and the supplied test has already been committed.
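
The check discussed in this report, as an added example that is not part of the original thread or of PHP's test suite: a known-answer test that runs the three RFC 2144 Section B.1 vectors through an independent CAST-128 implementation. It is written in Python and assumes the third-party `cryptography` package with CAST5 available in its OpenSSL build; `padded_as_128` is a hypothetical model of the reporter's round-count hypothesis, not libmcrypt's actual code.

```python
# Added example (not from the bug report): RFC 2144 known-answer test for CAST-128.
# Assumes the third-party 'cryptography' package with CAST5 enabled in its OpenSSL.
try:  # newer releases keep CAST5 in the "decrepit" module
    from cryptography.hazmat.decrepit.ciphers.algorithms import CAST5
except ImportError:  # older releases
    from cryptography.hazmat.primitives.ciphers.algorithms import CAST5
from cryptography.hazmat.primitives.ciphers import Cipher, modes

# Plaintext block used by all three vectors (same value as in the test script).
PLAINTEXT = bytes.fromhex("0123456789ABCDEF")

# key bits -> (key, expected ciphertext), from RFC 2144 Section B.1.
RFC2144_VECTORS = {
    128: ("0123456712345678234567893456789A", "238B4FE5847E44B2"),
    80: ("01234567123456782345", "EB6A711A2C02271B"),
    40: ("0123456712", "7AC816D16E9B302E"),
}


def cast128_ecb(key: bytes, block: bytes) -> bytes:
    """Encrypt one 8-byte block; the library derives the round count from len(key)."""
    enc = Cipher(CAST5(key), modes.ECB()).encryptor()
    return enc.update(block) + enc.finalize()


def padded_as_128(key: bytes, block: bytes) -> bytes:
    """Hypothetical faulty variant: zero-pad a short key and run it as a
    full 128-bit key, i.e. 16 rounds where RFC 2144 specifies 12."""
    return cast128_ecb(key.ljust(16, b"\x00"), block)


def run_kat(encrypt=cast128_ecb) -> dict:
    """Return {key_bits: True/False} for each RFC 2144 vector."""
    results = {}
    for bits, (key_hex, ct_hex) in RFC2144_VECTORS.items():
        got = encrypt(bytes.fromhex(key_hex), PLAINTEXT)
        results[bits] = got == bytes.fromhex(ct_hex)
    return results


if __name__ == "__main__":
    print("reference implementation:", run_kat())
    print("short keys run as 128-bit:", run_kat(padded_as_128))
```

The second run passes only the 128-bit vector, which is the same pattern the report describes: an implementation that ignores the reduced round count for keys of 80 bits or less fails exactly the short-key vectors.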
 