PHP :: Bug #62102 :: mcrypt CAST128 80/40-bit does not agree with RFC2144 test vectors

Bug #62102

mcrypt CAST128 80/40-bit does not agree with RFC2144 test vectors

Submitted:

2012-05-22 01:54 UTC

Modified:

2016-12-14 17:55 UTC

Votes:	3
Avg. Score:	3.0 ± 0.0
Reproduced:	2 of 2 (100.0%)
Same Version:	0 (0.0%)
Same OS:	0 (0.0%)

From:

nathanpust at hotmail dot com

Assigned:

leigh (profile)

Status:

Closed

Package:

mcrypt related

PHP Version:

5.3.13

OS:

Windows XP

Private report:

CVE-ID:

None

View Developer Edit

[2012-05-22 01:54 UTC] nathanpust at hotmail dot com

Description:
------------
Please verify that the 80-bit and 40-bit test vectors in RFC2144 Section B.1 do 
not agree with the output from mcrypt when using CAST 128 encryption.  I provided 
a test program with functions that print and parse the hexadecimal.

I am using mcrypt 2.5.8 on php 5.3.13.

The 128-bit test vector does work though. The problem is probably related to the 
fact that CAST-128 changes the number of rounds from 16 to 12 when a key is 80 
bits or smaller.

I have verified that the test vectors in RFC2144 work with a different piece of 
code written in C.

Please let me know if there is a work around.

Test script:
---------------
function str2hex($string)
{
    $hex='';
    for ($i=0; $i < strlen($string); $i++)
    {
        $hex .= sprintf("%02x",ord($string[$i])) . ' ';
    }
    return $hex;
}

function hex2str($x) { 
  $s=''; 
  foreach(explode("\n",trim(chunk_split($x,2))) as $h) $s.=chr(hexdec($h)); 
  return($s); 
} 

//RFC-2144
$text = hex2str("0123456789ABCDEF");

//Section B.1 128-bit example
$key  = hex2str("0123456712345678234567893456789A");
echo "RFC-2144 Section B.1 128-bit<BR>";
$enc = mcrypt_encrypt(MCRYPT_CAST_128,$key,$text,MCRYPT_MODE_ECB);
echo "ciphertext: " . str2hex($enc);
echo "<BR>";

//RFC-2144
//Section B.1 80-bit example
$key  = hex2str("01234567123456782345");
echo "RFC-2144 Section B.1 80-bit<BR>";
$enc = mcrypt_encrypt(MCRYPT_CAST_128,$key,$text,MCRYPT_MODE_ECB);
echo "ciphertext: " . str2hex($enc);
echo "<BR>";

//RFC-2144
//Section B.1 40-bit example
$key  = hex2str("0123456712");
echo "RFC-2144 Section B.1 40-bit<BR>";
$enc = mcrypt_encrypt(MCRYPT_CAST_128,$key,$text,MCRYPT_MODE_ECB);
echo "ciphertext: " . str2hex($enc);
echo "<BR>";

Expected result:
----------------
see RFC2144 Section B.1

Actual result:
--------------
see result of provided code.

Patches

Pull Requests

Pull requests:

Add test for bug #62102 / RFC 2144 (php-src/612)

History

AllCommentsChangesGit/SVN commitsRelated reports

[2014-03-04 19:49 UTC] narf at devilix dot net

I tried commenting earlier, not sure why my comment didn't show up ... this appears to have been fixed. Both the OP's and my own tests produce the expected results (from RFC2144) on PHP 5.4, 5.5.

[2014-10-16 04:26 UTC] gm dot outside+php at gmail dot com

This is just to let people know that there is a bug in the mcrypt 2.5.8 library and the library does not support 80- and 40- bit keys.  However, there is a Debian patch (one line patch, actually) that fixes the issue: http://debian.2.n7.nabble.com/Bug-299509-libmcrypt-support-of-40-and-80-bits-long-keys-with-CAST5-td575143.html

Debian/Ubuntu has this patch incorporated, RHEL/CentOS/FC at this point of time do not.  So the test will pass on the distros where mcrypt has been fixed.

[2016-12-14 17:55 UTC] leigh@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: leigh

[2016-12-14 17:55 UTC] leigh@php.net

Closing as this was a bug in the underlying library (which was fixed) and the supplied test has already been committed.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Thu May 08 11:01:27 2025 UTC