php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #66949 Serpent produces result which can not be decrypted from other languages
Submitted: 2014-03-24 20:06 UTC Modified: 2016-12-14 18:00 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: pkorsukov at gmail dot com Assigned: leigh (profile)
Status: Closed Package: mcrypt related
PHP Version: 5.5.10 OS: Windows 7
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: pkorsukov at gmail dot com
New email:
PHP Version: OS:

 

 [2014-03-24 20:06 UTC] pkorsukov at gmail dot com
Description:
------------
The implementation of Serpent in PHP not passes test from Serpent AES submission. As a result, the sting encrypted by PHP MCrypt can not be decrypted in other programming languages (I tried C# and Bouncy Castle support tried Java). If we use same key and iv, then PHP results for decrypt or encrypt differs from other programming languages.
More details: https://github.com/bcgit/bc-csharp/issues/13#issuecomment-38490830

Test script:
---------------
<?php
function crypt_test($algo, $mode, $key, $iv, $name, $plaintext, $expected) {
    $cipher = mcrypt_module_open($algo,'',$mode,'');
    mcrypt_generic_init($cipher, $key, $iv);
    $encrypted = mcrypt_generic($cipher, hex2bin($plaintext));

    printf("%s/%s %s:\n expected: %s\n   actual: %s\n", $algo, $mode, $name, bin2hex($encrypted), $expected);

    mcrypt_generic_deinit($cipher);
    mcrypt_module_close($cipher);
}

$key = hex2bin('00000000000000000000000000000000');
$iv = hex2bin('00000000000000000000000000000000');

crypt_test('serpent', 'ecb', $key, $iv, 'zeros', '00000000000000000000000000000000', 'e9ba668276b81896d093a9e67ab12036');
crypt_test('serpent', 'ecb', $key, $iv, 'I1', '80000000000000000000000000000000', '10b5ffb720b8cb9002a1142b0ba2e94a');
crypt_test('serpent', 'ecb', $key, $iv, 'I2', '40000000000000000000000000000000', '91a7847ef1cd87551b5b4bf6f8e96e2c');
crypt_test('serpent', 'ecb', $key, $iv, 'I3', '20000000000000000000000000000000', '5d32aece8383fb2ee22cb4a6061d1429');

?>

Expected result:
----------------
serpent/ecb zeros:
 expected: 3620b17ae6a993d09618b8768266bae9
   actual: 3620b17ae6a993d09618b8768266bae9
serpent/ecb I1:
 expected: a3b35de7c358ddd82644678c64b8bcbb
   actual: a3b35de7c358ddd82644678c64b8bcbb
serpent/ecb I2:
 expected: 04abcfe4e0af27ff92a2bb10949d7dd2
   actual: 04abcfe4e0af27ff92a2bb10949d7dd2
serpent/ecb I3:
 expected: 8f773194b78ef2b2740237ef12d08608
   actual: 8f773194b78ef2b2740237ef12d08608

Actual result:
--------------
serpent/ecb zeros:
 expected: 3620b17ae6a993d09618b8768266bae9
   actual: e9ba668276b81896d093a9e67ab12036
serpent/ecb I1:
 expected: a3b35de7c358ddd82644678c64b8bcbb
   actual: 10b5ffb720b8cb9002a1142b0ba2e94a
serpent/ecb I2:
 expected: 04abcfe4e0af27ff92a2bb10949d7dd2
   actual: 91a7847ef1cd87551b5b4bf6f8e96e2c
serpent/ecb I3:
 expected: 8f773194b78ef2b2740237ef12d08608
   actual: 5d32aece8383fb2ee22cb4a6061d1429

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-12-14 18:00 UTC] leigh@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: leigh
 [2016-12-14 18:00 UTC] leigh@php.net
Closing this report as the bug is in the underlying mcrypt library, not PHP itself.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 11:01:29 2024 UTC