Edit report at http://bugs.php.net/bug.php?id=51146&edit=1

 ID:               51146
 Comment by:       me at haravikk dot com
 Reported by:      zelnaga at gmail dot com
 Summary:          mcrypt doesn't do OFB mode correctly
 Status:           Open
 Type:             Bug
 Package:          mcrypt related
 Operating System: Windows XP
 PHP Version:      5.3.1

 New Comment:

You're using the wrong OFB mode, you need to use MCRYPT_MODE_NOFB.

MCRYPT_MODE_OFB is per-byte, while MCRYPT_MODE_NOFB is per-block and
gives the result you were expecting.
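
The per-byte versus per-block distinction, as an added Python example that is not part of the original thread. `E` is a hypothetical stand-in for single-block DES encryption (truncated SHA-256), so the bytes will not match real DES output, but the relationships between the modes are the same.

```python
import hashlib

BLOCK = 8  # DES block size in bytes

def E(key: bytes, block: bytes) -> bytes:
    """Stand-in for DES encryption of one block (assumption: truncated SHA-256;
    stream modes only use the forward direction, so it need not be invertible)."""
    return hashlib.sha256(key + block).digest()[:BLOCK]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def ofb_block(key: bytes, iv: bytes, pt: bytes) -> bytes:
    """Full-block OFB, the per-block behaviour the comment attributes to NOFB."""
    out, reg = b"", iv
    for i in range(0, len(pt), BLOCK):
        reg = E(key, reg)                  # feedback is the whole output block
        out += xor(pt[i:i + BLOCK], reg)
    return out

def ofb_8bit(key: bytes, iv: bytes, pt: bytes) -> bytes:
    """8-bit OFB, the per-byte behaviour: one cipher call per plaintext byte."""
    out, reg = bytearray(), iv
    for p in pt:
        k = E(key, reg)[0]                 # only the first output byte is used
        out.append(p ^ k)
        reg = reg[1:] + bytes([k])         # shift in the keystream byte
    return bytes(out)

def cfb_8bit(key: bytes, iv: bytes, pt: bytes) -> bytes:
    """8-bit CFB: same shift register, but the ciphertext byte is fed back."""
    out, reg = bytearray(), iv
    for p in pt:
        c = p ^ E(key, reg)[0]
        out.append(c)
        reg = reg[1:] + bytes([c])         # shift in the ciphertext byte
    return bytes(out)

def compare(key: bytes = b"aaaaaaaa", iv: bytes = b"bbbbbbbb") -> dict:
    """Encrypt one all-zero block (the thread's test input) under each mode."""
    zeros = bytes(BLOCK)
    return {
        "E(IV)": E(key, iv),               # what ECB of the IV would give
        "ofb_block": ofb_block(key, iv, zeros),
        "ofb_8bit": ofb_8bit(key, iv, zeros),
        "cfb_8bit": cfb_8bit(key, iv, zeros),
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:10} {value.hex()}")
```

For an all-zero plaintext the 8-bit OFB and 8-bit CFB outputs are identical and share only their first byte with `E(IV)`, while full-block OFB returns `E(IV)` itself.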


Previous Comments:
------------------------------------------------------------------------
[2010-04-13 23:36:44] zelnaga at gmail dot com

I was comparing mcrypt against openssl_encrypt() and...  well, either
OpenSSL is wrong or mcrypt is wrong:



<?php
$td = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_OFB, '');
mcrypt_generic_init($td, 'aaaaaaaa', "\0\0\0\0\0\0\0\0");
echo bin2hex(mcrypt_generic($td, "\0\0\0\0\0\0\0\0"));

echo "\r\n";

$td = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_CFB, '');
mcrypt_generic_init($td, 'aaaaaaaa', "\0\0\0\0\0\0\0\0");
echo bin2hex(mcrypt_generic($td, "\0\0\0\0\0\0\0\0"));

echo "\r\n";

echo bin2hex(openssl_encrypt("\0\0\0\0\0\0\0\0", 'DES-OFB', 'aaaaaaaa', true)) . "\r\n";
echo bin2hex(openssl_encrypt("\0\0\0\0\0\0\0\0", 'DES-CFB', 'aaaaaaaa', true)) . "\r\n";

$td = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_ECB, '');
mcrypt_generic_init($td, 'aaaaaaaa', "\0\0\0\0\0\0\0\0");
echo bin2hex(mcrypt_generic($td, "\0\0\0\0\0\0\0\0"));

echo "\r\n";

$td = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_CBC, '');
mcrypt_generic_init($td, 'aaaaaaaa', "\0\0\0\0\0\0\0\0");
echo bin2hex(mcrypt_generic($td, "\0\0\0\0\0\0\0\0"));

echo "\r\n";

$td = mcrypt_module_open(MCRYPT_DES, '', 'ctr', '');
mcrypt_generic_init($td, 'aaaaaaaa', "\0\0\0\0\0\0\0\0");
echo bin2hex(mcrypt_generic($td, "\0\0\0\0\0\0\0\0"));
?>



i.e. mcrypt, in CTR, CBC and ECB modes equal OpenSSL in OFB and CFB modes
but not mcrypt in OFB and CFB modes.  In other words, OpenSSL's OFB !=
mcrypt's OFB and they should.

------------------------------------------------------------------------
[2010-02-26 16:16:56] zelnaga at gmail dot com

As far as I know, the IV is also used for the first round, so I am not
sure if your statement holds up.



Ummm...  the IV - as defined in mcrypt_generic_init - is only used in
the first round.  Per wikipedia, the first block against which the
plaintext is XOR'd is the IV encrypted with the key.  That's true in
both CFB and OFB modes of operation.  The difference between CFB and OFB
is what subsequent blocks encrypt for the keystream.  So, per that, the
first block should be the same.  And as for my first bug report...



<?php
$td = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_OFB, '');
mcrypt_generic_init($td, 'aaaaaaaa', 'bbbbbbbb');
echo urlencode(mcrypt_generic($td, "\0\0\0\0\0\0\0\0"));

echo "\r\n";

$td = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_CFB, '');
mcrypt_generic_init($td, 'aaaaaaaa', 'bbbbbbbb');
echo urlencode(mcrypt_generic($td, "\0\0\0\0\0\0\0\0"));

echo "\r\n";

$td = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_ECB, '');
mcrypt_generic_init($td, 'aaaaaaaa', "\0\0\0\0\0\0\0\0");
echo urlencode(mcrypt_generic($td, 'bbbbbbbb'));

echo "\r\n";

$td = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_CBC, '');
mcrypt_generic_init($td, 'aaaaaaaa', "\0\0\0\0\0\0\0\0");
echo urlencode(mcrypt_generic($td, 'bbbbbbbb'));

echo "\r\n";

$td = mcrypt_module_open(MCRYPT_DES, '', 'ctr', '');
mcrypt_generic_init($td, 'aaaaaaaa', 'bbbbbbbb');
echo urlencode(mcrypt_generic($td, "\0\0\0\0\0\0\0\0"));
?>



All of those should produce the same ciphertext.  As it stands, only
ecb, cbc and ctr produce the same ciphertext.  ofb and cfb produce the
same thing as each other (and, for the first block, they should, as I
already mentioned), however, they're not producing the same thing as any
of the other modes when, in fact, they should be.

------------------------------------------------------------------------
[2010-02-26 10:54:01] der...@php.net

As far as I know, the IV is also used for the first round, so I am not
sure if your statement holds up.

------------------------------------------------------------------------
[2010-02-26 03:28:05] zelnaga at gmail dot com

Filing a bug report is going to be a little difficult given that, near
as I can tell, the command line version of mcrypt randomly generates
IVs.  My first example requires the IVs be of a known value and my
second example requires encrypting the same string with two different
modes and with the same IV.



Also, to be honest, I don't know at all how to interpret the data the
command line version of mcrypt is giving me, anyway.  I do the
following:



mcrypt --algorithm des --mode ecb --no-openpgp test.txt --verbose --bare



And I get a 100 byte file.  Given that the source file was 16 bytes ("-"
repeated sixteen times), that's a bit odd.  Curious to see what the
remaining 84 bytes are, I do the following:



<?php
$td = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_ECB, '');
mcrypt_generic_init($td, 'test', "\0\0\0\0\0\0\0\0");
echo mdecrypt_generic($td, file_get_contents('test.txt.nc'));
?>



And that doesn't produce anything even remotely resembling the source
text.



A while ago, there was a bug report filed on the mcrypt PHP extension
(49561) where someone reproduced the problem in C, using the mcrypt
libraries, and filed the bug report themselves.  Can't that be done
here?  I don't have the ability to compile PHP or PHP extensions such as
mcrypt and if no one reports the bug to the mcrypt developers then both
PHP and mcrypt will have this bug.



Of course, then again, given that bug # 49561 hasn't even been touched
by the mcrypt developers, it seems safe to assume that any bug report
that's filed - by me or anyone else - will be ignored.  If mcrypt has
been abandoned by its developers when does PHP abandon mcrypt?

------------------------------------------------------------------------
[2010-02-25 19:23:47] paj...@php.net

It looks like a libmcrypt problem, if it is a bug. Can you try using the
mcrypt cmd line tools? If it fails and you see it as a bug, please
report a bug to the mcrypt project. Let us know how it went.

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    http://bugs.php.net/bug.php?id=51146


-- 
Edit this bug report at http://bugs.php.net/bug.php?id=51146&edit=1
