ID: 25177 User updated by: a dot lunkeit at signcubes dot com Reported By: a dot lunkeit at signcubes dot com Status: Bogus Bug Type: *Encryption and hash functions Operating System: Linux PHP Version: 4.3.2 New Comment:
I have to sorry for that problem i reported. In fact, not the sha1 function was the problem but the charset transformation during the transmission. It took a little bit to notice that problem, because the transmitted data was thought to be base 64 encoded and actuallay it wasnt in a correct way. I dont use that function any longer and wrote one on my own which seem s to work correct. Thanks for your invested time in that problem. Best regards Previous Comments: ------------------------------------------------------------------------ [2003-08-25 12:38:25] [EMAIL PROTECTED] Sorry, but your problem does not imply a bug in PHP itself. For a list of more appropriate places to ask for help using PHP, please visit http://www.php.net/support.php as this bug system is not the appropriate forum for asking support questions. Thank you for your interest in PHP. I think you may be doing something wrong and hence getting the wrong hashes. I've compared the hashes generated by sha1($data) and mhash(MHASH_SHA1, $data), with $data being a string from 20k - 1meg and got identical results. Here is a sample script you can try: <?php $data = "your data"; $sha = pack("H*", sha1($data)); $mhash = mhash(MHASH_SHA1, $data); var_dump($sha, $mhash, ($sha === $mhash)); ?> ------------------------------------------------------------------------ [2003-08-20 10:15:59] a dot lunkeit at signcubes dot com Here is the Testcontainer VERSION:VERSION 1.0 TYPE:OL_PAYMENT CERTIFICATE:MV8wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAeBgkqhkiG9w0BCQUxERgPMjAwMzA4MjAxNTA3MDZaMCMGCSqGSIb3DQEJBDEWBBThpbsOy9VEAPvp64X3gyREhZBK7w== PKCS7:MIIH6QYJKoZIhvcNAQcCoIIH2jCCB9YCAQExCzAJBgUrDgMCGgUAMIICSgYJKoZIhvcNAQcBoIICOwSCAjdTaG9wLUlkOjEyMzQ1Njc4DQpUcmFuc2FrdGlvbnMtSWQ6MTA2MTM5OTA0Nw0KVHJhbnNha3Rpb25zLVR5cDoxMCAoUmVzZXJ2YXRpb24pDQpCZXRyYWc6Mi41MA0KV RocnVuZzpFVVINCldhcmVua29yYjoNCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0NCklocmUgQXJ0aWtlbDogDQo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09DQoxIFRhc3NlbiBkZXIgU29ydGUgMQ0KDQo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09DQpHZXNhbXRiZXRyYWc6IDIuNTAgRXVybw0KPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQ0KDQpLYXJ0ZW5pbmhhYmVyOiBNaWNoYWVsIEdlaHJrZQ0KS3VuZGVudW1tZXI6IDg5NDkwMTcyMzAwMDAxNDM0OTkNCktyZWRpdGthcnRlbi1OdW1tZXI6IDAxMjM0NTY3ODkNCkFibGF1ZmphaHIgZGVyIEtyZWRpdGthcnRlOiAyMDA2DQpBYmxhdWZtb25hdCBkZXIgS3JlZGl0a2FydGU6IDEyDQqgggP6MIID9jCCA1 gAwIBAgIEL64 GzANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJERTEcMBoGA1UEChQTRGV1dHNjaGUgVGVsZWtvbSBBRzEQMA4GA1UECxQHVGVsZVNlYzEoMAwGBwKCBgEKBxQTATEwGAYDVQQDFBFTaWdHIFRlc3QgQ0EgNjpQTjAeFw0wMzA3MTcwODQ5MjRaFw0wNjA3MTcwODQ5MjRaMEwxCzAJBgNVBAYTAkRFMRcwFQYDVQQKDA5TaWduQ3ViZXMgR21iSDEYMBYGA1UEAwwPR2VocmtlLCBNaWNoYWVsMQowCAYDVQQFEwExMIGhMA0GCSqGSIb3DQEBAQUAA4GPADCBiwKBgQCNxj6tNW3VzYCXOkgTQCuRoqPUbokOnWUCozNoFMT26lwaSbApKWL4FS4M urXRJS/woltuCXZp3lxnQVA1eR/oMglYIURoKM7Xx1YP7mRKPUvecLLWjaWNPg9rzvg9kqcwjwlKxlMx6H1regWhsooBjucqg6G6NeDi2TJfxuhRQIFAMAAAAGjggHGMIIBwjAfBgNVHSMEGDAWgBTBgtADwJaxh 3T5AeVkxyIXmcqQDCB6AYDVR0fBIHgMIHdMIHaoGqgaIY1bGRhcDovL3Brc2xkYXAudHR0Yy5kZTozODkvbz1EZXV0c2NoZSBUZWxla29tIEFHLGM9ZGWGL2h0dHA6Ly93d3cudHR0Yy5kZS90ZWxlc2VjL3NlcnZsZXQvZG93bmxvYWRfY3JsomykajBoMQswCQYDVQQGEwJERTEcMBoGA1UEChQTRGV1dHNjaGUgVGVsZWtvbSBBRzE7MAwGBwKCBgEKBxQTATEwKwYDVQQDFCRUZWxlU2VjIERpcmVjdG9yeSBTZXJ2aWNlIFNpZ0cgMTA6UE4wGAYIKwYBBQUHAQMEDDAKMAgGBgQAjkYBATAdBgNVHQ4EFgQUjk1Pj5ro/5o8aepB877Z9eEBUtowDgYDVR0PAQH/BAQDAgZAMBIGA1UdIAQLMAkwBwYFKyQIAQEwIQYDVR0RBBowGIEWbS5nZWhya2VAc2lnbmN1YmVzLmNvbTA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly93d3cudHR0Yy5kZS9vY3NwcjANBgkqhkiG9w0BAQUFAAOBgQA6M2/12adZO8U7V3KRcpKKgnIUubGt8kjbxYwLZ765LFXiazqM77ITXuwCvZNRpuAN4PiG9evIbbJ0At9yslXDFJmmcESkxblj5Ln8m4fx8EG0MC80lSITJMI8JWnC25P2lPqV2SxXZuzv43xWRyqImtGMm5V/RazuUO G2oBDATGCAXYwggFyAgEBMG8wZzELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRlbGVrb20gQUcxEDAOBgNVBAsUB1RlbGVTZWMxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRU2lnRyBUZXN0IENBIDY6UE4CBC uPhswCQYFKw4DAhoFAKBfMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHgYJKoZIhvcNAQkFMREYDzIwMDMwODIwMTUwNzA2WjAjBgkqhkiG9w0BCQQxFgQU4aW7DsvVRAD76euF94MkRIWQSu8wDQYJKoZIhvcNAQEFBQAEgYB5sVMxPutMCBCx4JHcrTwrUUlSrQ3rF5kTP8m889llRgHs45jviZ/H5YE0vUIWK 3YiaRn7Bwz0VhHXV4OmpjHvZQtZYBj t GhF8kS0SDRYH50PEOyLwoWNTJWgyKa4D2sJLrdEWlB/guSYjboG9zvzReyqNgIWa4P3EM3U2uOA== CUSTNUM:8949017230000143499 SHOP_ID:12345678 TRANS_ID:1061399047 TRANS_ART:10 AMMOUNT:2.50 CURRENCY:EUR CREDITCARD:0123456789 EXP_MONTH:12 EXP_YEAR:2006 HASH:973a24bd0bb33edd7d4bc59a735264b0e7db1f8f The data is taken until the Hash Field starts. The appended to this block contains the original hash computed in C++. Please note, that the lines are separated by CRLF (0x0d, 0x0a). ------------------------------------------------------------------------ [2003-08-20 09:34:51] a dot lunkeit at signcubes dot com Now i found out, that the data can be smaller. I took some data greater than 512 Bytes and the bug also appears. With data smaller than 512 Bytes it will not appear. I will generate some vectors for you within next half hour. ------------------------------------------------------------------------ [2003-08-20 08:29:56] [EMAIL PROTECTED] Can you point me to some of the reference test vectors? ------------------------------------------------------------------------ [2003-08-20 08:22:11] a dot lunkeit at signcubes dot com Description: ------------ I noticed, that the sha1 function computes wrong hash values for data with a volume greater than 2kB. My reference values are various free implementations in C++, which come to the same hash value, but the PHP implementation differs. With data smaller than 2kB the problem does not exist. Reproduce code: --------------- This can be any code using the sha1 function. My code example doesn't really matter. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=25177&edit=1
