Bug #60705 [Com]: rijndael iv problem

Sun, 26 Feb 2012 13:31:10 -0800 

Edit report at https://bugs.php.net/bug.php?id=60705&edit=1

 ID:                 60705
 Comment by:         erno dot kovacs at freemail dot hu
 Reported by:        erno dot kovacs at freemail dot hu
 Summary:            rijndael iv problem
 Status:             Open
 Type:               Bug
 Package:            mcrypt related
 Operating System:   linux/windows
 PHP Version:        5.3.8
 Block user comment: N
 Private report:     N

 New Comment:

AES blocksize is constant 16 bytes, so is the IV.


Previous Comments:
------------------------------------------------------------------------
[2012-02-26 21:27:16] erno dot kovacs at freemail dot hu

it seems you dont recognize the difference between the cipher block size and 
the input plaintext data...

------------------------------------------------------------------------
[2012-02-26 21:25:24] erno dot kovacs at freemail dot hu

you are absolutly wrong. the iv must have the same size as the ciphers block 
size.

http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation

------------------------------------------------------------------------
[2012-02-26 20:11:02] a...@php.net

After looking at the mcrypt implementation it turns out, that the way you're 
doing 
that in perl is non standard. The init vector SHOULD have the same size the 
block 
does. In your case 32 bytes. Looking at some other libs, for instance 
http://msdn.microsoft.com/en-
us/library/system.security.cryptography.symmetricalgorithm.iv.aspx
the stuff is handled the same way - vi size = block size.

------------------------------------------------------------------------
[2012-01-10 23:08:05] erno dot kovacs at freemail dot hu

Description:
------------
Cryptography basics: IV is always the same as the block size, which is 16 bytes 
(128 bits) in case of AES(Rijndael). However, when you use RIJNDAEL_192 or 
RIJNDAEL_256 with an IV of 16 bytes in CBC mode, you got a warning 
"mcrypt_generic_init() [function.mcrypt-generic-init]: Iv size incorrect; 
supplied length: 16, needed: 32". This is bullshit.

This way if you try to decrypt data encrypted by a 32 byte (256 bit) key with 
16 byte (128 bit) IV with RIJNDAEL_256 in CBC mode, the decrypted data is 
WRONG. Even worse, if you modify the constant to RIJNDAEL_128, it decrypts the 
ciphertext correctly. This is a major failure.

Tested with PHP 5.3.4 Win32 and 5.3.8 Linux.


Test script:
---------------
http://pastebin.com/X1S7bUXV

Expected result:
----------------
decrypted : hello world

decrypted : *garbage*



Actual result:
--------------
Warning: mcrypt_generic_init() [function.mcrypt-generic-init]: Iv size 
incorrect; supplied length: 16, needed: 32 in ...
decrypted : ц2‘в АЭ/(ѕвy7YЃƒ0z=/оч|µ8„0Г£

decrypted : hello world


------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=60705&edit=1

Reply via email to