views:

310

answers:

2

I have the following function in Ruby that decrypts a bit of data:

def decrypt(key, iv, cipher_hex)
    cipher = OpenSSL::Cipher::Cipher.new('aes-256-cbc')

    cipher.decrypt
    cipher.key = key.gsub(/(..)/){|h| h.hex.chr}
    cipher.iv = iv.gsub(/(..)/){|h| h.hex.chr}

    decrypted_data = cipher.update(cipher_hex.gsub(/(..)/){|h| h.hex.chr})
    decrypted_data << cipher.final

    return decrypted_data
end

I'm trying to do the exact same thing in PHP, but I'm not sure what I'm doing wrong. Here's what I've got:

function decrypt_data($key, $iv, $cipher_hex) {
    return mcrypt_decrypt(
        MCRYPT_RIJNDAEL_128, 
        hex_to_str($key), 
        hex_to_str($cipher_hex), 
        MCRYPT_MODE_CBC, 
        hex_to_str($iv)
    );
}

function hex_to_str($hex_str) {
    preg_match_all('/(..)/', $hex_str, $matches);

    $to_return = '';
    foreach ($matches[1] as $val)
        $to_return .= chr(hexdec($val));
    return $to_return;
}

The output just ends up being garbage, not the string I'm looking for. Ideas?

And before we even start, switching it to MCRYPT_RIJNDAEL_256 doesn't seem help and just causes it to complain about the iv not being as long as the block size. I believe 128 is correct in this case since this site says that the 128/256 is an indication of the block size, not the key size.

+1  A: 

Personally I'm a little suspicious of the homebrewed hex_to_str function - why not just use pack('H*', $key)?

caf
Because I didn't know it was there! Thanks. However, using it gives me the same results as my `hex_to_str()` function.
fiXedd
A: 

It turns out that it was working fine, it's just that my test data was bad. The two changes I made were using pack() (at caf's suggestion) and dropping the padding characters from the end.

function decrypt_data($key, $iv, $cipher_hex) {
 return rtrim(
  mcrypt_decrypt(
   MCRYPT_RIJNDAEL_128, 
   pack('H*', $key), 
   pack('H*', $cipher_hex), 
   MCRYPT_MODE_CBC, 
   pack('H*', $iv)
  ), 
  "\x00..\x1F"
 );
}
fiXedd
beware - I've had issues with pack('H*') and nibbles with the padding chars, but maybe thats just me.
Justin
Thanks for the heads up Justin. It *seems* to be working fine :)
fiXedd