Edit report at http://bugs.php.net/bug.php?id=51146&edit=1
ID: 51146
Comment by: lemkemch at t-online dot de
Reported by: zelnaga at gmail dot com
Summary: mcrypt doesn't do OFB mode correctly
Status: Open
Type: Bug
Package: mcrypt related
Operating System: Windows XP
PHP Version: 5.3.1
Block user comment: N
Private report: N
New Comment:
I can't believe what I was reading about ncfb above. That was the
solution to decrypt my OpenOffice files. I had it working in Java, with
openssl on the command line but I couldn't get it to work with php no
matter what I tried. I had no idea that such a mode exists. So please,
document this and define a constant for it.
Previous Comments:
------------------------------------------------------------------------
[2011-01-05 21:14:42] me at haravikk dot com
To answer your first question, performing the encryption per-byte is
kind of odd, I haven't done much
testing but I don't think it actually consumes the entire input vector,
only the first byte, just think of
it as running with an 8-bit wide state, rather than the more typical
128-bit wide state.
I've never had the time to confirm that this is the exact case, though,
but I believe it's compatible with
other cryptography solutions that can operate per-byte.
For your second point; sorry I should have pointed out that there is no
predefined constant for
MCRYPT_MODE_NCFB, you can however just enter it manually as 'ncfb' like
so:
mcrypt_module_open('rijndael-128', '', 'ncfb', '');
So if there's a failing on the PHP side it's that we need an
MCRYPT_MODE_NCFB, and that MCRYPT_MODE_CFB
and MCRYPT_MODE_OFB should be properly documented so people don't keep
using them expecting different
results!
------------------------------------------------------------------------
[2010-06-19 15:42:52] zelnaga at gmail dot com
Also, there's still the matter of CFB. So NOFB is what most everything
else refers to as OFB but CFB'a wrong, as well, and it has no NCFB
counter part.
------------------------------------------------------------------------
[2010-06-19 15:40:10] zelnaga at gmail dot com
What does it even mean to do OFB at the byte-level? Per
<http://en.wikipedia.org/wiki/File:Ofb_encryption.png>, in OFB, you
encrypt the IV with the key with the chosen block cipher algorithm and
then XOR that against the plaintext to get the ciphertext. How do you
do that at the "byte level"? Do you do substrings or something?
------------------------------------------------------------------------
[2010-06-01 12:22:07] me at haravikk dot com
You're using the wrong OFB mode, you need to use MCRYPT_MODE_NOFB.
MCRYPT_MODE_OFB is per-byte, while MCRYPT_MODE_NOFB is per-block and
gives the
result you were expecting.
------------------------------------------------------------------------
[2010-04-13 23:36:44] zelnaga at gmail dot com
I was comparing mcrypt against openssl_encrypt() and... well, either
OpenSSL is wrong or mcrypt is wrong:
<?php
$td = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_OFB, '');
mcrypt_generic_init($td, 'aaaaaaaa', "\0\0\0\0\0\0\0\0");
echo bin2hex(mcrypt_generic($td, "\0\0\0\0\0\0\0\0"));
echo "\r\n";
$td = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_CFB, '');
mcrypt_generic_init($td, 'aaaaaaaa', "\0\0\0\0\0\0\0\0");
echo bin2hex(mcrypt_generic($td, "\0\0\0\0\0\0\0\0"));
echo "\r\n";
echo bin2hex(openssl_encrypt("\0\0\0\0\0\0\0\0", 'DES-OFB', 'aaaaaaaa',
true)) . "\r\n";
echo bin2hex(openssl_encrypt("\0\0\0\0\0\0\0\0", 'DES-CFB', 'aaaaaaaa',
true)) . "\r\n";
$td = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_ECB, '');
mcrypt_generic_init($td, 'aaaaaaaa', "\0\0\0\0\0\0\0\0");
echo bin2hex(mcrypt_generic($td, "\0\0\0\0\0\0\0\0"));
echo "\r\n";
$td = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_CBC, '');
mcrypt_generic_init($td, 'aaaaaaaa', "\0\0\0\0\0\0\0\0");
echo bin2hex(mcrypt_generic($td, "\0\0\0\0\0\0\0\0"));
echo "\r\n";
$td = mcrypt_module_open(MCRYPT_DES, '', 'ctr', '');
mcrypt_generic_init($td, 'aaaaaaaa', "\0\0\0\0\0\0\0\0");
echo bin2hex(mcrypt_generic($td, "\0\0\0\0\0\0\0\0"));
?>
ie. mcrypt, in CTR, CBC and ECB modes equal OpenSSL in OFB and CFB modes
but not mcrypt in OFB and CFB modes. In other words, OpenSSL's OFB !=
mcrypt's OFB and they should.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/bug.php?id=51146
--
Edit this bug report at http://bugs.php.net/bug.php?id=51146&edit=1
