Hello, I'm trying to perform encryption and decryption (Rijndael 256, ECB mode) in two different components:
1. PHP - Server Side (using mcrypt)
2. C++ - Client Side (using gcrypt)

I ran into a problem when the client side could not correctly decrypt the encrypted data (made by the server side),
so I checked:
1. initial vector - the same (32 length)
2. the key - again the same key on both sides.

So I wrote some code in C++ that encrypts the data (with the same parameters as in the PHP)
and I found out that the encrypted data contains different bytes (maybe an encoding issue?)

I'll be more than glad to get some help

PHP - MCrypt


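// Encrypt Function
function mc_encrypt($encrypt, $mc_key) {
    // IV size reported by mcrypt for this cipher/mode
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    // The random IV is overwritten with a fixed value shared with the client
    $iv = "static_init_vector_static_init_v";
    echo "IV-Size: " . $iv_size . "\n";
    echo "IV: " . $iv . "\n";
    $passcrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $mc_key, $encrypt, MCRYPT_MODE_ECB, $iv);
    // Print the raw ciphertext as hex so it can be compared with the C++ output
    echo bin2hex($passcrypt) . "\n";
    // Return the ciphertext (the original returned an undefined $encode)
    return $passcrypt;
}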

mc_encrypt("Some text which should be encrypted...","keykeykeykeykeykeykeykeykeykeyke");

I'll post the C++ code in a comment

Thanks, Johnny Depp

+1  A: 

OK. I'll make my comment an answer:

An Initialization Vector (IV) isn't used in ECB mode. If it is provided, different implementations might work differently.

If you want to be sure the implementations will work correctly then use an IV of 0 (zero). Even though you provide the IV, both implementations SHOULD ignore it but one can never be sure about that. Not providing an IV in ECB mode should work as well but again, it all depends on the implementations.

According to the PHP documentation MCrypt will ignore it. GCrypt I'm not sure about.

mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB) should actually return 0 since you specify ECB mode.

Edit:

Do not call mcrypt_get_iv_size or mcrypt_create_iv.
Instead call mcrypt_encrypt without an IV. According to the PHP documentation all bytes in the IV will be set to '\0'.

Same goes for the C++ code. No need to set any IV at all. The libgcrypt code is complex, but from glancing at the source of version 1.4.5 it seems that in ECB mode the IV isn't used at all.

If the resulting ciphertext still differs then the problem is something else.
A couple of possibilities come to mind:

  • Encoding - Is the same encoding used in both the server and the client?
  • Endianness - What type of systems are the server and the client? Big- vs Little-endian?
Sani Huttunen
Hi Sani, the function mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB) returns 32 in my environment. Where can I force the IV to be ignored?
Johnny Depp
I changed the value of the IV to zeros and I get the same results (different values)
Johnny Depp
About the endianness: currently it's the same machine (32-bit Ubuntu), so I guess it's not my problem yet (good point, btw).
About the encoding stuff: UTF-8 in the C++ (using char*); in the PHP I forced UTF-8 encoding by
if(is_utf8($encrypt) == false) { $encrypt = utf8_encode($encrypt); }
if(is_utf8($mc_key) == false) { $mc_key = utf8_encode($mc_key); }
$passcrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $mc_key, $encrypt, MCRYPT_MODE_ECB, $iv);
if(is_utf8($passcrypt) == false) { $passcrypt = utf8_encode($passcrypt); }
Johnny Depp
Are you sure that you are using UTF8 in C++? To me it looks like you are using plain ASCII. string.c_str() doesn't convert the text to UTF8.
Sani Huttunen
Not that sure. I checked the encoding stuff by printing the bytes of "Hello" in PHP (calling mb_internal_encoding("UTF-8") first), C++ (with g++) and C++ (with Visual Studio); all the testers return "\x48\x65\x6c\x6c\x6f". For some reason I still get different values when I try to encrypt :\
Johnny Depp
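
Added example, not part of the thread and not code from either poster: the answer's point that ECB takes no IV, plus a per-block hex dump for diffing two implementations byte for byte. It uses AES-256 through ext/openssl because mcrypt has been removed from current PHP; AES has a 16-byte block, while the question reports 32 for MCRYPT_RIJNDAEL_256, so this output is meant for comparison with another AES implementation, not with mcrypt output. The helper names and the sample plaintext are assumptions made for the example.

```php
<?php
// Added example: AES-256-ECB via ext/openssl (stand-in for the removed mcrypt).
// Helper names and sample plaintext are constructed for illustration.

const BLOCK = 16; // AES block size in bytes

// Zero-pad to a whole number of blocks, the way mcrypt_encrypt() pads its input.
function zero_pad(string $data, int $block = BLOCK): string {
    $rem = strlen($data) % $block;
    return $rem === 0 ? $data : $data . str_repeat("\0", $block - $rem);
}

// Encrypt with AES-256-ECB. No IV is passed: the mode has no IV input.
function ecb_encrypt(string $plain, string $key): string {
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('AES-256 needs a 32-byte key');
    }
    // OPENSSL_ZERO_PADDING turns off PKCS#7 so our own zero padding is used.
    $ct = openssl_encrypt(zero_pad($plain), 'aes-256-ecb', $key,
                          OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING);
    if ($ct === false) {
        throw new RuntimeException('encrypt failed: ' . openssl_error_string());
    }
    return $ct;
}

// Hex of each ciphertext block, one array entry per block, for side-by-side diffing.
function blocks_hex(string $ct, int $block = BLOCK): array {
    return array_map('bin2hex', str_split($ct, $block));
}

$key = 'keykeykeykeykeykeykeykeykeykeyke'; // 32-byte key from the question

// IV length OpenSSL reports for this cipher/mode.
echo 'IV length: ', openssl_cipher_iv_length('aes-256-ecb'), "\n";

// Two identical plaintext blocks followed by a short tail (constructed input).
$blocks = blocks_hex(ecb_encrypt(str_repeat('A', 2 * BLOCK) . 'tail', $key));
foreach ($blocks as $i => $hex) {
    echo "block $i: $hex\n";
}

// ECB encrypts each block independently, so equal plaintext blocks
// yield equal ciphertext blocks regardless of any IV.
echo 'blocks 0 and 1 equal: ', var_export($blocks[0] === $blocks[1], true), "\n";
```

When two implementations disagree, dumping the padded plaintext and each ciphertext block this way shows whether the inputs, the padding or the block size differ before the cipher itself is suspected.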
A: 

Finally I used another PHP cryptography class (http://www.phpaes.com) which works great with libgcrypt

Sani, thanks a lot for your help and your time!

Johnny Depp